Extracted

Extracted

• • Target

    c23d9f39c0dbb02d5d6f3c437199efb94727713fd3e21e437a4540c27590574b

  • Size

    766KB

  • MD5

    15f580bb1bba0a2ba8e7912a71c10b7f

  • SHA1

    a9b9abaaf8b91b694b23a1e3ad1e18f9342274ab

  • SHA256

    c23d9f39c0dbb02d5d6f3c437199efb94727713fd3e21e437a4540c27590574b

  • SHA512

    05b0f0b1181128f4ca6d391f2be3140e9431185e8c81ef22314247ba6645e87dd6ed3a9706b5ddaae743faf1b665e313b87c4cc72981152039f202bdb50363d4

  • SSDEEP

    12288:CMray90LPkj0VGnWtYXInXytlf/S7NIThoy/n6Zv88HbhBqxYf3:YyG8wVhbniL/Syp/nivpu6f

  Score

  10^/10

  redlinecrypt1dunmdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1