Extracted

Extracted

• • Target

    c55ff411f21d2677eaec679b020d8a173cc68990bfa1a7549a3b5e92263842b5

  • Size

    771KB

  • MD5

    b0f84296d29d6a1ebe9f1d3c361ba5a2

  • SHA1

    e06cbf35f15d5c5900576c721716a7b7728bbab2

  • SHA256

    c55ff411f21d2677eaec679b020d8a173cc68990bfa1a7549a3b5e92263842b5

  • SHA512

    3d9073f5f379857a3c317bcbac7c2a4992a80d14ce7cdb580a0a6c52a5136e0ba86bdfa8f8a7fc627f4659ca24e52342df2a7b1ce41c73af2c2dc0130108f829

  • SSDEEP

    24576:ayPCOB/ClVWcQr7TCmsMAPlFY8fTk39SHE:haOBp3DCmvAIIO0H

  Score

  10^/10

  redlinedusamunderdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1