Extracted

Extracted

• • Target

    c5f9f747e5e825d614fe4a88c43e5bcd00338d533ead8a2978c9d1504c5d6be2

  • Size

    1.5MB

  • MD5

    72de8322e49c3dab41cafd18fdd819e1

  • SHA1

    5e987faa28b8e94b20bfd2d7e6d6588064297599

  • SHA256

    c5f9f747e5e825d614fe4a88c43e5bcd00338d533ead8a2978c9d1504c5d6be2

  • SHA512

    60e97b653b15821be22e3010dc40f9e692e4f3688d9236f40ed386fe384ed6779b3b1d798815c1062eb39d227c9b6bad80f02aaa66e0614e870519c7d59805aa

  • SSDEEP

    24576:kywknATleccaIopl3EI6FpeW+2ga2fCU7tkxdwiKCtzJhGaccWzf:zgTllbIof30yWUaUCU7todth1cN

  Score

  10^/10

  redlineboommaskdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1