Extracted

Extracted

• • Target

    9ee43019d45508f86a66ccb364e42d0b2b5447f1193f17b85a13d4a9bdf88529

  • Size

    723KB

  • MD5

    7214fee316a79ff0e382d46ff6ce2177

  • SHA1

    ab8a62054b626da12a1a6266bb8f36dbc4bfbb71

  • SHA256

    9ee43019d45508f86a66ccb364e42d0b2b5447f1193f17b85a13d4a9bdf88529

  • SHA512

    f649ba665a1a805dca39629477771629a99af28910c236346e93f178c3491d8512d5023c210c208efd3b196a15a5ff50eebb73d0ee2e539518705c30faa06a10

  • SSDEEP

    12288:yMrNy90hxZIQmcICOFwcCa8cvo33SRO2MMVvRvR9ABlOrMJwWXb:HyE7OFN8cvo3301MG9AjsslXb

  Score

  10^/10

  redlinedizasherondiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1