Extracted

Extracted

• • Target

    98f68a1c3db5a87faf29414243f065c21966497228284ee3f309b820b80f50ea

  • Size

    1.0MB

  • MD5

    e8f277e2869b460923664dc5664b72dc

  • SHA1

    e07839fff92b0021e64106f92f674378d45f0387

  • SHA256

    98f68a1c3db5a87faf29414243f065c21966497228284ee3f309b820b80f50ea

  • SHA512

    d7f4c026a59db30c042c5ce9a2589d4e5848f939f28273efa262d3831748fb6c7513eb5246dd9e4336c7b101c73c10622d1772c402752728286b23724fc0434b

  • SSDEEP

    24576:ryNS54wqvWV7eTASo2Tfk+YM6rr5NJGiHcIbzmvLZVz:eNS2rvKBSX1YM6rr53Hbzmr

  Score

  10^/10

  redlinegreglinadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1