Extracted

Extracted

• • Target

    8b92f082d95885ac164b648eed0706fd0dc3583ab91b90bb616ce9bd845ac082

  • Size

    764KB

  • MD5

    477166dfce52f2e3f02e9113784433de

  • SHA1

    772c630f3713fda2b9220429bcf0c592f68cf622

  • SHA256

    8b92f082d95885ac164b648eed0706fd0dc3583ab91b90bb616ce9bd845ac082

  • SHA512

    b44bfb0e438a9ae9988f544202c3fe41e11f3a007d6e74064eda224db1e567eed04606b6480e478e5a3c03c2eefe8838671ef00414910e2b3a757ad009efcecc

  • SSDEEP

    12288:pMrPy90GhfBzpzsgsX8mLijCcoOSNFWcknHqbtJ7arqj+9ylW6EWuEphhII4dmM0:yyLy8mLijCGePkHqbtlxj+Ejh94sMmdf

  Score

  10^/10

  redlinedisagogadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1