Extracted

Extracted

• • Target

    757b9a6897d05d302df281adc054ba8f246d9e4e372af2f406523784549d063a

  • Size

    793KB

  • MD5

    48d61137d9d0c706699520206ca40fa1

  • SHA1

    5b07769b6cf7689fdf238ce9783e93360033db06

  • SHA256

    757b9a6897d05d302df281adc054ba8f246d9e4e372af2f406523784549d063a

  • SHA512

    b127e391fba8de0ea011287af9d49b52ba1d4b099fe796e27cbe421dc2330ca2c3ebcd0bb5d57a2777ccb09b0e9c1bb08757399a85e3aa84049ba4901b29303b

  • SSDEEP

    24576:ryrP58ccwn7Rb5nhZHbU/0y5zXBTf0LOSI:erh8ccw7z2JzXBT8L

  Score

  10^/10

  redlinedantegenadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1