Extracted

Extracted

• • Target

    141d2394effa1553b9a0fe07b200174e2ecc2f0eb2f39.exe

  • Size

    774KB

  • MD5

    85ee14a1ce8affbcaff2e82a6774a25a

  • SHA1

    23bee76adcdf317310416845044c2da54909cf31

  • SHA256

    141d2394effa1553b9a0fe07b200174e2ecc2f0eb2f39e917e1f2bb93063b7e0

  • SHA512

    19e550aeb6669103f543b9822647ea136b802a3aa872357009bb968c163c170432bcc1c50118ccaddd619236fba07a722434492f041186daea2c6432d226afe4

  • SSDEEP

    12288:+Mrby90eC20WEIpWZobIJ5KuhFLSS3ECEAhnuLzuM5zd7VtiZm:1y2IpWBJ5KuPb0CuzJ5Vd

  Score

  10^/10

  redlineboomdizadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2