Extracted

Extracted

• • Target

    M7R89424.exe

  • Size

    984KB

  • MD5

    07798ad6724cb972bb88ec438e1f6057

  • SHA1

    60c41516f30bb9ea31fa7de14ab46d29c027c78d

  • SHA256

    ac8e4e319a6f6849fbc1bc17f072e3947f95dd04767b06c9b891090796c7495a

  • SHA512

    02035b1bc49dbd52abe41ce3283b56fc87f9ca67058de801591f2dc420a8ef33329b4a3ec49ff70488bd95c4a53c812ccc34790e9d6504ae3b469a4f8cd636ad

  • SSDEEP

    24576:nyfztxGLfZoZboelWtgLGmzGVFhE/396GEZJ7K:yZxGDZoZ9RGqG7hiNKZJ7

  Score

  10^/10

  redlinehavalmaxidiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2