Extracted

Extracted

• • Target

    0566da8552eac74399d96af3d12cd589c7d7b2f27c9cbadb00b5e2e35ba89261

  • Size

    1.0MB

  • MD5

    81b1feb70fff22f6bedabc317029c0fe

  • SHA1

    e0b3530aaf650b05acdaafd4164db73f1f67548d

  • SHA256

    0566da8552eac74399d96af3d12cd589c7d7b2f27c9cbadb00b5e2e35ba89261

  • SHA512

    712d4bac084d947ed1cf642f76a044def990c0c294bfc4be0d5b04bf03ed94dafb3d7a07963d44ced5773d56dc7ce344434cadeeefa2c85d55668f8664ae14c7

  • SSDEEP

    24576:XyOMaKUzbcd388uoHXjEg+hLHV2ucLOK553bS5RZyI:ixaT/cdMEHuV2DLOK/bk

  Score

  10^/10

  redlinelizaronindiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1