Extracted

Extracted

• • Target

    0fef6546a48dbe0103559b94829d920ef5719ec516c5b3c79ef7a73d44ad1f4e

  • Size

    591KB

  • MD5

    76b69bf4d719707eb37d98564704662d

  • SHA1

    4db09c0bf55d9a4258a3fd19a539326d1afcf166

  • SHA256

    0fef6546a48dbe0103559b94829d920ef5719ec516c5b3c79ef7a73d44ad1f4e

  • SHA512

    e50b670bbe11ace980af2b9bdee812eeb907ef74ab880804bac7a820432570bacd7d731bd5ce61191b3bac8f71684932791a86654d4ae1b58e5f3c50a46e5eb5

  • SSDEEP

    12288:tMr7y905wz1VFhSptxex9ZnnkhIUOatIMFJwTmFEu3ygO:+ykW1VbLAhDOi7v8mF1k

  Score

  10^/10

  redlinedizasherondiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1