Extracted

Extracted

• • Target

    7704d541993997e42e8e79bdb00e508e86f51b9eb14466510b4bdb0686770a41

  • Size

    771KB

  • MD5

    352fe8a77bb60ada4e6611c151040c32

  • SHA1

    03c36528fbd3ca9cd6f4f8ac4c5a02087f092f30

  • SHA256

    7704d541993997e42e8e79bdb00e508e86f51b9eb14466510b4bdb0686770a41

  • SHA512

    a93d8639d6f8d6bc4d28d88da03dd8da3afdf8d3d5ab931e92cfdef165ba6bb87e3dfa1142bae1a72c0c4da71f6eee830e4aade5c0c95d7f7b1b149dc555918b

  • SSDEEP

    12288:sMrFy90/4vGbuTcq3zSBpxOuKIyGwd00Iltzz4qrhjaYgHckaBDTDoS5hG1JVr:JyhtV3zSTBKIV+00Y4whm9eDc

  Score

  10^/10

  redlineheroymuradiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1