Extracted

• • Target

    554d25724c8f6f53af8721d0ef6b6f42.exe

  • Size

    736KB

  • MD5

    554d25724c8f6f53af8721d0ef6b6f42

  • SHA1

    12aa02a42690740e106790852709edd8648177ac

  • SHA256

    e43fff23b2fff04d4a335ab5ff3cf69ba90bcc0dbe35901cf1c1e020614a0f07

  • SHA512

    b3edc933a34230613dafc3edf1d3e6e6adc73a55fcad4b4e80d903aec6bd87052df69c7752a39618385508006625b4d828bf25eaecc15bec4966e9320a39bff0

  • SSDEEP

    12288:HMriy90oEzXGK/FxXki8Y52n1bW2sIPNhO1d8lvUeVaPXDBXi9V0Hh9PHL39n+rZ:xyLQWK/FxuY5kIAwBeV+XlXtHhJrt+rZ

  Score

  10^/10

  redlinemaxidiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2