Extracted

• • Target

    0855d1b22a0ae9861bee2b4416642568.exe

  • Size

    1.5MB

  • MD5

    0855d1b22a0ae9861bee2b4416642568

  • SHA1

    19c76c2c27e213b41c40cada5676ce85cf968dd9

  • SHA256

    e786ec3a804265639f5ec8ae41f22ee2fc06c247ef3c0414a75b9c3dc82de8da

  • SHA512

    5f6bbffb73b0844763a0c38a905f773320fd70cbb41a69e46d01f4b8ff7d95889cdbd01da7fa6b97906934d66ff5edfa10657eeaf3cdab7681ee80679d2caefd

  • SSDEEP

    24576:Aybp2ZU6ihzoZ6Qk1kI485uuqbNcPZfMASstF+i2HfTLroeHLnyL+l9Pssurrca:HWCcZpk+ITo7ASWwH77HLi+P0sWrc

  Score

  10^/10

  redlineboomdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2