Extracted

Extracted

• • Target

    86fc4ff1c4e9ccdeb2f973854c5b7f11209ae684e0009d7dfd9980541704a31e

  • Size

    752KB

  • MD5

    d634344f1eeb2748fddb994ae64675dd

  • SHA1

    85721464c3a971ef5b83c5cc496c62379aa4e96e

  • SHA256

    86fc4ff1c4e9ccdeb2f973854c5b7f11209ae684e0009d7dfd9980541704a31e

  • SHA512

    c54f563a3829c01b09122df5850e4aff9c427b7914f815d653c0b92f23ce54ee38914f7b3f8e559f09e7f761440b4011b89e3a572964694969885d2d0a306ce7

  • SSDEEP

    12288:IMrzy90KR5S0TxMqGXqVnwh7KfJink5J6aofPy+BrFAFvf0xsxhFxj0XwiLI:ryV51tVwh7Kxi9V4FHjF17

  Score

  10^/10

  redlinedizasherondiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1