Extracted

Extracted

• • Target

    8dffc63b66ccdf34f19fafe8fe34be864346ff7a6dbe421a043fa41b9380760b

  • Size

    764KB

  • MD5

    f28fc32504c145e5707e0257b2524c60

  • SHA1

    2af182179d415a4cc74b2674baee2f8be5adf67b

  • SHA256

    8dffc63b66ccdf34f19fafe8fe34be864346ff7a6dbe421a043fa41b9380760b

  • SHA512

    f3a6b8c5902da8f860b9ab0bf73435f3262f110f0446015e8c34c80bbb103bc5c88444e21f41e82f60f33521e25652069705e7220e7fbb2a49b9ab6f5399abf7

  • SSDEEP

    12288:XMrry908BcBoCqablrG2hv5vtc1F3zF8dQb67xGXLmiy+eq+4dBFmd/LBGE3R:8yno/qablrG2fvtc1FDF8mb6NWVy+epV

  Score

  10^/10

  redlinedisagogadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1