Extracted

Extracted

• • Target

    f1816b3fbd919bbadf8ef38e2ef453cfb9dfd01de7c5f4f5e6df3ab31ff7aa6f

  • Size

    804KB

  • MD5

    36335ef53965db066deb867da28b0f02

  • SHA1

    f1b908f5905324b2d5892459351a3386fdc9193e

  • SHA256

    f1816b3fbd919bbadf8ef38e2ef453cfb9dfd01de7c5f4f5e6df3ab31ff7aa6f

  • SHA512

    f7e3edfe9e5083f1b664e1d78c1b092cc01c348ff13fb50cf5519f90518f667523e49a1ef952fbd0ce07fb2c2266603ba6efaaf78e4663006640f23e0bc220d3

  • SSDEEP

    24576:UyHxkv0jb3NLRnzqrEOnHhUviWji5Qt1QKIz:jHKv29L1zqI8Ovi4gQtyl

  Score

  10^/10

  redlinedizametrodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1