Extracted

Extracted

• • Target

    dc2aeaad9964db8e02b15cea0a280a17921d721678b1f284cc94a198967fa840

  • Size

    983KB

  • MD5

    34e4507675d062c4ded4e21848127775

  • SHA1

    96041bda222024d981cdb438f875aacb438abf4c

  • SHA256

    dc2aeaad9964db8e02b15cea0a280a17921d721678b1f284cc94a198967fa840

  • SHA512

    909df0739e5927fbede31075fd1f082e887b3994da602c261c9a87634df4189b98ab7a3984297ce82f3224b87c13838ea4ac17b00c515b4c615b9ae9b64c0f0f

  • SSDEEP

    24576:MyLPeMDqX4kqxATFGshVRiZqFA0PfnKtp:7LxDW45eFhhVR5HKt

  Score

  10^/10

  redlineebalmaxidiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1