Extracted

Extracted

• • Target

    d2e809a98ee422b054ddbf7846003de681701dee1bafbf174e6abe023c42f456

  • Size

    764KB

  • MD5

    99d87265886fbfb3474f93364eac77e0

  • SHA1

    51eb762435ebe05747e313f46dda2108be281148

  • SHA256

    d2e809a98ee422b054ddbf7846003de681701dee1bafbf174e6abe023c42f456

  • SHA512

    a611a64fbfc0f634467da75b4445d912ac34f1bea42b61def4a13264aae530d3cab9d77fb49cef260643b7bb234799623a9b08f9fe3f913dbe9bbdbcf021f6a1

  • SSDEEP

    12288:nMrDy90L0lnMaQLILLaxRinWnu0tIf/BavoHNIMN2ZId1q+4dBHmd/LBkEeJy:syQAQ0u/1tIXBavoH+MN2ZE1p4fHmdDv

  Score

  10^/10

  redlinegogamisadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1