Extracted

Extracted

• • Target

    37d13063269b50ecb75a070d1eaf600fccc3b489787d2b84575ecf449475ad56

  • Size

    771KB

  • MD5

    25dc28760dca0b26b29826bae90a4aea

  • SHA1

    91bf56d0f29111d697d355bbff3f574bb9371cad

  • SHA256

    37d13063269b50ecb75a070d1eaf600fccc3b489787d2b84575ecf449475ad56

  • SHA512

    d8c6ebcb44b3d2a2ac88e9b61628741630669dad6f3a79963243a1a1a0da3b8e6e974a1629159e0cce2c1fd18dbe482310b2b1c8bb2e430c7e806b077209ca3b

  • SSDEEP

    24576:nyxs6tCHB3NNguHEJo6asK+m8uvk3ASP:yxkRcuaoddLRC3

  Score

  10^/10

  redlinedusamunderdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1