Extracted

• • Target

    f4da76ffebcab21de638b15536ac6385a0d91ac0a95042cff7bc3defd8aed66b

  • Size

    729KB

  • MD5

    c2c64a4c37bc7924410cccfc059eb36a

  • SHA1

    ccca10d0ec6ebf9adec01ca7ebaec2fe78136dd6

  • SHA256

    f4da76ffebcab21de638b15536ac6385a0d91ac0a95042cff7bc3defd8aed66b

  • SHA512

    529e39258e8e7d87a657ad0a41968a318c1a7cc455558129b12c720fe30ac95130989177085fc16c73f5da0fda7b1b76940596a5e3f117a67c015ff84dd5e4d6

  • SSDEEP

    12288:ZMrwy90PA5ZKqUfbSX8A8S4ZhL8AmmOblw+01aaW2i9mr7tUO:5yIZqmbuwHCFYaaW297tUO

  Score

  10^/10

  redlinemaxidiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1