Extracted

• • Target

    1b76c507aa472f1a14f4117455bfb43c2c8a551bd39e6a2a978c4da889141506

  • Size

    480KB

  • MD5

    3b0f9fb5940f8053905131900b513e6c

  • SHA1

    58ab5f8450a44d967e4307ad4ee6dcb2496c7a69

  • SHA256

    1b76c507aa472f1a14f4117455bfb43c2c8a551bd39e6a2a978c4da889141506

  • SHA512

    cbaa103f40eb91277f3b541de0c180406060aab3512c2361be94a41bfb4330fa78724710ce68c92e9193809b408cb787832a0679db886e2419704c2ae603607b

  • SSDEEP

    12288:xMrwy90JNcWn4wUdkFqftYAZrj7WbBKzi:dy6NcCd8xJoAi

  Score

  10^/10

  redlinedarisdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1