Extracted

• • Target

    b261111fe006ae3e96e5b95094e3c7276b5c1fc6055385b484cb4febc49fc44f

  • Size

    751KB

  • MD5

    348276862110b95b0dee4f6fd84d7581

  • SHA1

    9a9f30272dca7579bce7b6c48d6423887199b5e2

  • SHA256

    b261111fe006ae3e96e5b95094e3c7276b5c1fc6055385b484cb4febc49fc44f

  • SHA512

    0aec248a6956c0c60fa3e6d4a5dfe32a1f07ed42fe94cd7365416b5417d38bdb0a3cc8022af66b1531bc2b46f4ad75fb6dddfcc4b6f9dc7c81688c5f62e40dbd

  • SSDEEP

    12288:GMrky90em0BmTfNtGi90IM8Q+4sH2BmaQThcYfldzHA2hqgxj/KNndA5WIs9pUWa:Gy9m0BKVtnKIs+xH266YdjA20+/KNndi

  Score

  10^/10

  redlinemaxievasioninfostealerpersistencetrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1