Extracted

• • Target

    94721f33f6d70512eee929fe13a59911556b09025765bbf2ea9de76ccad428aa

  • Size

    738KB

  • MD5

    ff7d30e6aab45e193ed775aebb718be0

  • SHA1

    87a7726df7263641cc312922db5cc23ef17f7ceb

  • SHA256

    94721f33f6d70512eee929fe13a59911556b09025765bbf2ea9de76ccad428aa

  • SHA512

    267f1714e65b8e350e9f2f61f5ea781e4b4a07a616c61aa9f838fafc3f9f4b259660cbbc9e20c02035602a103a26444d75f1e792dddc11c07c5cfb90c68024f2

  • SSDEEP

    12288:jMr5y90qQhn6RTp3bVWvU8YiAXzQLbLzy1waEpdT5rsHa+qGbY:6yTQR6rZWsFX+321LaxsI5

  Score

  10^/10

  redlinedizadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1