Extracted

• • Target

    1079127f6d44602b384288145478d31b.exe

  • Size

    478KB

  • MD5

    1079127f6d44602b384288145478d31b

  • SHA1

    657840fb49d93ee6684cdd7e257c33fabb1d3007

  • SHA256

    12c901317f01b10174d15fe5b244719ecd016bc5b841bb39470752a7b3a0b09d

  • SHA512

    3ee4c35a9651c1a6a6c72756ad7fca353a4ac80ca41035cea9b6a48b17ab6ab38ccaa436a976fcd13d42c94fe61e5b5423f503a4ec78d78eca5cf5fb485258ad

  • SSDEEP

    12288:MMrsy90HOuJ11DiXDGW5c1u31nTswc7uEg3mwv6lkVe2/:gy1811DiXxXtTwwiZO

  Score

  10^/10

  redlinedariydiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2