Extracted

Extracted

• • Target

    255884cf172469395f9883932d11e8d0136e107a3928fe490041b9f8e7317929

  • Size

    769KB

  • MD5

    5710c813b2db963bf1aa094ef188b7a2

  • SHA1

    1025401eebe90b82d5e7653b30ec96fdbc4dda85

  • SHA256

    255884cf172469395f9883932d11e8d0136e107a3928fe490041b9f8e7317929

  • SHA512

    08dc8db73a84fdca2511b7da8dc1ad07e0914e7ef3a304c1ee5cedd0a69b02a9d2767555eeeb868598e0e0fd295c8ac4555023d4d0bcef1a1816f263639f43fc

  • SSDEEP

    12288:RMrmy90jb/pL5tGk6yL6sYRCpiAm3oOsSTKBl8oqb9gC7Yh0/lh/XkT/kgj4bp:byY/pL5BIsE2HuSq3GC0h0HUbpjOp

  Score

  10^/10

  redlinedisagogadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1