Extracted

Extracted

• • Target

    855003dec064d4de37b4216e6ca6bd05.exe

  • Size

    766KB

  • MD5

    855003dec064d4de37b4216e6ca6bd05

  • SHA1

    b5acd257fcadbf1e764db7ce75176afd3102c814

  • SHA256

    38c3c5423b06b1f4796b21c2491afcd284427df2a60ccf72fd49cc64e0b1a966

  • SHA512

    a4fb13beb54bb499d72dd29845dc58d853961e923f5f5f37850b5ef802a90509d577d8206121527b74e01484aa192ff279193c0b41026ea3872bcf2006847fda

  • SSDEEP

    12288:nMrby90X5mMdTuMDe/bXxxosrCL++pLmk2plRaYAsC/uAOPkvGkBxVnM8tIW+IEp:gyGZTK//o5COLmkuPis0duk3VM81+D

  Score

  10^/10

  redlinedinagregdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2