Extracted

Extracted

• • Target

    09146c35b49be8f83266dac44958e35f877bef0daa85898c6810338dafb70151

  • Size

    602KB

  • MD5

    4b110d36417ba6ce62d9d5138b75cc12

  • SHA1

    6849cb5a41199f956920fe09fe069a51e40ec433

  • SHA256

    09146c35b49be8f83266dac44958e35f877bef0daa85898c6810338dafb70151

  • SHA512

    cd91454f23efd37dbd6cb247aaac0cca81f5a63a15d5b1a8b76aedd8cbc63d433186479d8c893989c3f0b9ddbb6229f18bf0c8833be3f22e6fac85443bca5bf1

  • SSDEEP

    12288:pMrcy90xo+0OwFI48nJosIdrhRuAZHyugIhcsBlw6t89RDDJU0:lyyyh/xtRJZHkIXcb

  Score

  10^/10

  redlinedizasherondiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1