Extracted

Extracted

• • Target

    558e66f26374e92e9f79bf784d469ba5cfb88b33ba779cb6c3e6afb86320c085

  • Size

    771KB

  • MD5

    42bbe6dbe670fd6afa69c76521ac49e2

  • SHA1

    295b8c95c0ae14025830619be896ee4ba8a27f5b

  • SHA256

    558e66f26374e92e9f79bf784d469ba5cfb88b33ba779cb6c3e6afb86320c085

  • SHA512

    c651c161ff957167eb54c836a11302bee393b4f519bdf337ec537aa3a31c87f1f54b0c0c045c5a223a4b405e8ff02d822db815f7c7378565c9d1462cc217d43f

  • SSDEEP

    24576:0yA+xf998pVO9BqdB4Y0tO6jc0ZrJuBl:DXf92RdB4tOurJuB

  Score

  10^/10

  redlineduraheroydiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1