Extracted

• • Target

    e7e4954d8f411c46c33c495fd91ed7245d450eaa11aeedeae6d2803e1b4f0a27

  • Size

    1.5MB

  • MD5

    90c3f42e2cf1cb426da2b881c39d1b61

  • SHA1

    7084e463b5923af4863087c7ea53cd6507815962

  • SHA256

    e7e4954d8f411c46c33c495fd91ed7245d450eaa11aeedeae6d2803e1b4f0a27

  • SHA512

    710a757ab6d7a35fce9c234972075ddb2037ef2b718fa924316343de5c736b63473c52e78233c079c9765f0e5ecf640ef8edb2b98b64dcf96fee2b18faa46ea2

  • SSDEEP

    24576:LyH6jEslKlOetW8yD8KDPkVVpysC8VjpSIu+Jnx4caTBrbmoeH4ecSa9ilUV9fBH:+zRg8yD6bl5jpm+Zx4ckbm7H4yU/zf

  Score

  10^/10

  redlineboomdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1