Extracted

• • Target

    0044c9f9b8eb7165b726684d03db37792e9c2551f5e95b11e9ac0f91b4c73c68

  • Size

    600KB

  • MD5

    9d91630946c8ff91a9e66b03e6ae1b5e

  • SHA1

    e74037cb5eecdf782ae43f8bbc353df03f8c71c4

  • SHA256

    0044c9f9b8eb7165b726684d03db37792e9c2551f5e95b11e9ac0f91b4c73c68

  • SHA512

    91c366cf9acea710d761197641af5bcb8ad5bcdb5efa20ab296d7c5ffcfca12801c7fddfeb774b877f626a5981a8f47e70c6c3f6fb8b0643ae747a586cb85f22

  • SSDEEP

    12288:VMriy90Pz9MAEu1R/gDHNoP9SJzVeBLwTYVR5dpg:rye9+uGoP9keFRVbdpg

  Score

  10^/10

  redlinedarisdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1