Extracted

Extracted

• • Target

    70555a1345e99d1ea7c0507161448169ee38f7f48e87e114befea449a616b0bb

  • Size

    763KB

  • MD5

    a9873ea604e50ef59160e4f8978bab2d

  • SHA1

    b2793e87c38ab70390a05b9f4b1389b6ff894ffa

  • SHA256

    70555a1345e99d1ea7c0507161448169ee38f7f48e87e114befea449a616b0bb

  • SHA512

    5cae394c8e6cf50b18371a8202e0f9e8559e1342e03b9bf59ef6096cf7559e767f25c515ee768625be1d39f28c4543582221ff603629f98debd4c9fea921364c

  • SSDEEP

    12288:1Mr5y90RiRxcvOVkbifdDGF9hF4pAo/lVlHbFkmUScmIHzVclCNv2op/hb:wy1P4oG3hCPdxD++lQvdr

  Score

  10^/10

  redlinecr2dunmdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1