Extracted

Extracted

• • Target

    aff3f4becec0eb9ed53537b3789e6338232afd60d049419ad455d9a99d3da67a

  • Size

    1.5MB

  • MD5

    fc6ac3fbae52ec98a1dac70aaaf82ed4

  • SHA1

    3412a8846c5bb7f34e4f6c1ae4e1f6948099a2e8

  • SHA256

    aff3f4becec0eb9ed53537b3789e6338232afd60d049419ad455d9a99d3da67a

  • SHA512

    fedb04093b9266803b4db960317fc02916d081f89108bbcbc2e53a5694d0b18e4d1b1588e86511fa700261e26681d3872a3e94cfa137fdf1a66cdfeb23b39c5a

  • SSDEEP

    49152:is4cAK7L1Yh8adSVLHMh7l8t0t7RiiPN:kcAYLeaKeHiO0tRik

  Score

  10^/10

  redlineboommazdadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1