Extracted

Extracted

• • Target

    c089814163c686a278456c37d16edadce51b7cbeeb49486c1c0cf535fcb41ca2

  • Size

    984KB

  • MD5

    d2f83a4fce7c10fab330c354901c81a5

  • SHA1

    18fb2fd192b97b3c4a2b8bab0b5f6d5690c5d28a

  • SHA256

    c089814163c686a278456c37d16edadce51b7cbeeb49486c1c0cf535fcb41ca2

  • SHA512

    ba578ace6ab7c06be5906f523d81b13afa35a3102b8c68902569bd4b14058534625ec0cdd600b8e39ef0264d725a3dd63c35f2477a94f99d44aae6007d2c0dcb

  • SSDEEP

    24576:xyaVNWGy2j1+zbcB3c8OQRzGxrG22hhVFFJkfP/S:kaVN6i18cB3c8OkAGnhTtY/

  Score

  10^/10

  redlinehavalmaxidiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1