Extracted

Extracted

• • Target

    2540196e84d44d44d5d0f6bfa9c0cdf23847873a86dc32664896fc321f4ec129

  • Size

    754KB

  • MD5

    097296bfec5a94030d2e137930b01409

  • SHA1

    3c404537624e03d028ab5a690a0e43ea4cfd7bb4

  • SHA256

    2540196e84d44d44d5d0f6bfa9c0cdf23847873a86dc32664896fc321f4ec129

  • SHA512

    d249cee95fd31c391d4d7801895d44f72382dd433e5b95763ef5728facacf02d94163d1bec8246ecf212d9036cb504be823be5bed696ecb7a27b631e8fdafbbb

  • SSDEEP

    12288:IMrFy90O3wE2wBEu/AKDB3SLMu6XQCD6x7I5jIQf/s2/3pPOi0T9QE:9yBZ2woa3Sl6XQ06x7IBnzPdu9QE

  Score

  10^/10

  redlinedusaronindiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1