General

  • Target

    53c4de78b03ba1a89d332182ae5f1157.bin

  • Size

    906KB

  • Sample

    230511-bx9t4ach8v

  • MD5

    53c4de78b03ba1a89d332182ae5f1157

  • SHA1

    7198ac7bafdef0be412d31b596b67ed5ef20c1de

  • SHA256

    4c330ff01696ec49bf0ceb8b4010c1877d908d7ebf44bfcfd243126f8ec5fbe3

  • SHA512

    6da162e6f793d261151bc317e1dbbd0c812cf97d2deefae1344bb459835a78e6c84e67ec74c17b66a33657fe985cb791a120820ba7a0b1e91004e1946bf1aaeb

  • SSDEEP

    24576:NgZXoZUTVdt7KDFWrYuH/8c87UWxmHvhupE7G:4mKXH/8YtS

Malware Config

Extracted

Family

redline

Botnet

Erica2

C2

185.106.93.179:6072

Attributes

  • auth_value

    a93af64963c3138125a75e56f8986747

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Looks for VirtualBox Guest Additions in registry

    • Looks for VMware Tools registry key

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks