Extracted

Extracted

• • Target

    b4bebb39dab2032d46fdd730cad1d6a144e4423d77545dccf4e2a2d15bee8335

  • Size

    771KB

  • MD5

    b0722d2332adef5469aa3d86082900ef

  • SHA1

    3e151bdaa742b724fbb4613aaafe50e3d4722a68

  • SHA256

    b4bebb39dab2032d46fdd730cad1d6a144e4423d77545dccf4e2a2d15bee8335

  • SHA512

    42c80b9cbc557746af62de106fa48947c6768ac1ca582f857e841139be3512f5cc3c3849b2df92b274a6ccb4d9874ac025d00e55a57047837038d65362e3aeb0

  • SSDEEP

    12288:rMr1y90KftCqg2A9yQZ4ZTumbaYjdsn6pGepZJ5q+2Lhe3v9X+pSDTSt:my7tCqgt4QZWh32njAw+21au2St

  Score

  10^/10

  redlinecr2dunmdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1