Extracted

Extracted

• • Target

    cumloader-4noname.exe

  • Size

    1.1MB

  • MD5

    c611b4af1a4c2f5a9870bc7ef635c1af

  • SHA1

    a7154b0fd2183aeddc80f2520372195e30a2a420

  • SHA256

    83b3e742e5066c1bc02670f0e19db826c4d40c165e8d73f9ceb4bbcc36919d40

  • SHA512

    f5edf58f00aff1d04a6ba8ab90171c01031826d1a4d54151c4f62ba2bc45f9d70a4f3bbbae41f7db850588e4096643a8830bf6d1bc2aff08c81bfde6ceab0463

  • SSDEEP

    24576:6yC0HtNSi6K8LP1APcpSp19u/2/ZjF6B9f8nKNGGPbPJOWZuDAP6hu:BCytH6K18SfwOnoEKRPjoi6h

  Score

  10^/10

  redlinedoponsraladiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2