Extracted

• • Target

    05850899.exe

  • Size

    734KB

  • MD5

    b5cb9a4b76f6dfd9264504f976b8582d

  • SHA1

    c8b21b12f9849f6b5ddd0903d259f5b80275d0fc

  • SHA256

    8c519136fb09ae5a508ed98e882466bcb329dfc2fb79e070bc5dfb0051fcf175

  • SHA512

    fd141f9ebd5441cac42691d9ec9e46b62b405f736b4ef4c3c44f801f040e852a65106fbfdca2d56b44fd39bea693a0b555de041e64fc9bba18ebfccdc0a32131

  • SSDEEP

    12288:2MrjBy90JbYz/kDqodUFVCNlFffHJhNJ7b3KMcYLaXE+jMVVqftxG2SxA:5By4U72qCUQFf1J7wY8JMnqrGJxA

  Score

  10^/10

  redlinemaxievasioninfostealerpersistencetrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2