Extracted

Extracted

• • Target

    6afe90819564e1af1dd4bf42b072757e793c58847aacc6399bd141a03f27b463

  • Size

    1.5MB

  • MD5

    0d413982743befadc910246c181fd6da

  • SHA1

    6a630cdbf2f1f5e3e817757c2b464c8506aefed2

  • SHA256

    6afe90819564e1af1dd4bf42b072757e793c58847aacc6399bd141a03f27b463

  • SHA512

    b0ae66507afefe1f5fa638427616abaa58e05cba7ea8b322b2e1a135cd6bcf90651017c775c67d7a800328958d0f19dbce3e2e17d69c329012f6198fd2cf3ffd

  • SSDEEP

    49152:jXoAJCdjZSPT2rhlFqyBYaOYTYwSDqQoN:kATL2rhlF7AcQW

  Score

  10^/10

  redlineboommazdadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1