Extracted

Extracted

• • Target

    4f67146b3a90f1b2e8d89854dd37b925c732caef63a22b041f577f3ce0c6c433

  • Size

    576KB

  • MD5

    a1611da8edac600144ee76bbcb13bc6c

  • SHA1

    36f92c08afa99722c4c84c7f076dc0ed4669c61c

  • SHA256

    4f67146b3a90f1b2e8d89854dd37b925c732caef63a22b041f577f3ce0c6c433

  • SHA512

    ac672c67de50016ef37da2b5a4f585310c0cf590addcf3755428fab4e9961e04377d8e7ad05e8c2a7cafe68ef63db2eb2e5ad8cfce317b0cbd1d2c72faa3e514

  • SSDEEP

    12288:vMr+y90a+IeQFj01Id8D2sK58URsBrxBAPVgya0dl:ly9+LQFLP58oshxBcgL0dl

  Score

  10^/10

  redlinedizasherondiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1