Extracted

• • Target

    expe.bat

  • Size

    1.7MB

  • MD5

    08e5f2456abf63b348397b760b6bc9d7

  • SHA1

    4305e8ab228a870c05cae9d4355dd717c081c97d

  • SHA256

    bef99c58f0b237c1afcba7a12b5d236578a55ed88914bc3fb3aa0a57153c1ef3

  • SHA512

    f20f54aba953641c7265f19015aaa6f0a671abd59e9cef9e2fde991c1d7c8ff829205b25be51cfb91ad85d593d7185748d275bd1ed609cd2d601c57a97692797

  • SSDEEP

    24576:cgiKB+u1zDhKW4LqrsplcKvOtQ/yKJXbtA8CDrOrWcMq5wkdHseif45raA6dZIWx:3i+ZpC1l5djFBof0dC

  Score

  10^/10

  evasionredlinegst5infostealerspyware

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Sets file to hidden

    Modifies file attributes to stop it showing in Explorer etc.

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Suspicious use of SetThreadContext

  behavioral1behavioral2