Extracted

Extracted

• • Target

    34d0bb49bcb1dc5277378b7488bc90ae3145a71e0149c8cddd31650d7e1e51f8

  • Size

    1.0MB

  • MD5

    ea085e761f3439aab8b28486fd039fff

  • SHA1

    a2fbd97ddea474d98113860cb2dbe802bfad5c6e

  • SHA256

    34d0bb49bcb1dc5277378b7488bc90ae3145a71e0149c8cddd31650d7e1e51f8

  • SHA512

    a94a0195b704e051935140d7fc6719982d6e7c0e502c4662faf523ba1c2ace86ad9e242c4ee53e72e36306db5b407717293ef46fb2d45fa72e6c2798d8f0feee

  • SSDEEP

    24576:CyxUOzy3b8RHSVa9lAuhQLG2Bmdb4vGgLsFTpO5uIee:par8RyVm6/lmdb4vGgLsFTpOQIe

  Score

  10^/10

  redlinegogalisadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1