Extracted

Extracted

• • Target

    a4d34cc94f17234ebf8736cef8591897d1746ff3e2ada244497c62de77f98ab2

  • Size

    805KB

  • MD5

    565dfc1f09d753176467ebaa5f1ea160

  • SHA1

    630f83b66c55f0bf408a16a71bd4ff64e11030dd

  • SHA256

    a4d34cc94f17234ebf8736cef8591897d1746ff3e2ada244497c62de77f98ab2

  • SHA512

    e92f0cbf3a3ec14a6a23f123169a36a67bf336d6754c61b1fcb33b9f67b3558aa3e6a3a6808dcd6a7d2df42b8dfaf3534f87755486b415c5d7d2e5291e551811

  • SSDEEP

    12288:MMrNy90d3hLMwf25ttlh4ATABZA6m13lw7x5XwNys01fHxheejn0EQ3UStt8c:hyK/+rIZAxOCybZLeGnF6USd

  Score

  10^/10

  redlinedizametrodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1