Extracted

• • Target

    040e3511097cebf811e2861091f31e02d1c4a55ebbf6104d3e2ef0941602a62e

  • Size

    769KB

  • MD5

    8c6695cbf26276a8a3c7d5fb1193ae83

  • SHA1

    c614cc2769f1fdaa71eed4ae9a916727d6ac6417

  • SHA256

    040e3511097cebf811e2861091f31e02d1c4a55ebbf6104d3e2ef0941602a62e

  • SHA512

    ed8f272164e8756884b27e5678c23cdaa06f4fc38937ec803f5483728996bcaf237d6131ae3b154fe80247374af46047ef219c6f0fbf9e5d5260c8d75f82f195

  • SSDEEP

    24576:Jyqsh4uSB9hszo0kvnyFl/gouXj+K72bI:8bWuSBIzF9lef7

  Score

  10^/10

  redlineminaevasioninfostealerpersistencetrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1