Extracted

Extracted

• • Target

    11d43c5bd6f9443d6972a5c63c6cbad4488a5954ac309ef2e4328b021fa59d46

  • Size

    806KB

  • MD5

    aca88ae7746d36d2cae651082a4621fe

  • SHA1

    397a817ddd026455bc92293c60e93714b13073c8

  • SHA256

    11d43c5bd6f9443d6972a5c63c6cbad4488a5954ac309ef2e4328b021fa59d46

  • SHA512

    c6866caa926b5221c6719866746b08a96980bf9307d4b24885dc176ae9c11b7343b5d10a14d95949ed0abe15ec7ee4dead80bedea392d582a6b3b680546f80b0

  • SSDEEP

    24576:5ynxk7OauZFqf1pm6UVLKKm1eqnv6USjX:sASq9pm6U5KK9qnv

  Score

  10^/10

  redlinedizametrodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1