Extracted

Extracted

• • Target

    53b5a446e22fe904af6ce03fca8f2c16183325a9bab3578800cce8dd4c1c9cb2

  • Size

    983KB

  • MD5

    28547c7f55ae431083e20ca1c4bd0c07

  • SHA1

    c8574a17b1180c6e5d6b7a0413cf15f5262104b8

  • SHA256

    53b5a446e22fe904af6ce03fca8f2c16183325a9bab3578800cce8dd4c1c9cb2

  • SHA512

    6389d54f612d47fe56a7bdcc50f42608fc7f59526307a3c7fe39ed2d446dbb805a782e8393ed47cf88cfa2069a39f5414e3e8688e6877e8be7fe4bac1b7fa25a

  • SSDEEP

    24576:6yJfg3c4bcYf4dFpPbUPldWPT8lhhfawuLAgPf1IKkYrx:Ba3rbjAFpPv8Xh4E0

  Score

  10^/10

  redlineebalmaxidiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1