Extracted

Extracted

• • Target

    0a7d2f20ce50820efa0d59577b00710d777f7b621932271f4fabecb13a55700a

  • Size

    602KB

  • MD5

    ce84cf63d55adc4337bc5d8f7228129e

  • SHA1

    19d6392d8074a373836dd43575dbfb843604e3bd

  • SHA256

    0a7d2f20ce50820efa0d59577b00710d777f7b621932271f4fabecb13a55700a

  • SHA512

    186f0fe8bc735fb7bf0a8addc3ee96d3b946dc1be4a54f2ad4748c7650696c3b9897a633bfd1ce5c031d3f681108eb940d282cebc791ffb8a291425398c307f0

  • SSDEEP

    12288:3MrFy90GZ01Fku3mFIO3GUyffZwFNahXRXeQGfh/V:+yfZ01doSfZeNWh3gh9

  Score

  10^/10

  redlinedizasherondiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1