Extracted

Extracted

• • Target

    c5eeb1a7e5d1dc1403d7320c57c5d3d5e4f019b155e567e64b97e01d5572b683

  • Size

    739KB

  • MD5

    7b6d7b5e10103f63e791aa3c4a7cf541

  • SHA1

    7841e7fe598ec2d12ca9d060bea29e6126dd4b9b

  • SHA256

    c5eeb1a7e5d1dc1403d7320c57c5d3d5e4f019b155e567e64b97e01d5572b683

  • SHA512

    3998efeae3d77607b1da0084770dc95c0a802f6c1818ec4637e26d66d332c15e05e2ec907ba98890c1f415df9c74321f59a660b52dbc823040e7917d99b8260f

  • SSDEEP

    12288:4Mrqy90zH7A0VXicicOHhaGQMjxZQ0CiKUJ0BzEYDpyLfSA+w1XFQKgdeaj:iymbhVFybEFygE8Ew+FQPj

  Score

  10^/10

  redlinecr10dubkadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1