Extracted

Extracted

• • Target

    1987d6f8264d89f880dbec37718824902359d4e0775907dd8100b0d97dff5149

  • Size

    1.5MB

  • MD5

    aeb537d7387d404f3f846679f978b554

  • SHA1

    3120fbeed5b417606d5803cc2bbebd1474b59aa8

  • SHA256

    1987d6f8264d89f880dbec37718824902359d4e0775907dd8100b0d97dff5149

  • SHA512

    f0efe8dc089a994b466f6d2e51926614796619346006e7af1d54bc033640b63ea88103dfe3928c6107010cc79bbb4b4907d3560fb0853c9ba3f60f3cb0e6d4d0

  • SSDEEP

    24576:cy4zwHysrabTaQGa/3RWy7Juc2V7XkpSfxqbB1/pxei0N5DnxqtCHQb5qZXYBe+z:L4zZfOQGc3Rh7JgVXqbB1/vei0/DxuEa

  Score

  10^/10

  redlineboommaskdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1