Extracted

• • Target

    https://www.smadav.net/

  Score

  10^/10

  discoverymetastealerredline@hisumievasioninfostealerpersistencespywarestealerupx

  • Meta Stealer Stealer

    Meta Stealer steals passwords stored in browsers, written in C++.

    stealermetastealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine Payload

  • Registers COM server for autorun

    persistence

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Loads dropped DLL

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Creates a large amount of network flows

    This may indicate a network scan to discover remotely running services.

    discovery

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2behavioral3