Extracted

Extracted

• • Target

    08925699.exe

  • Size

    1.0MB

  • MD5

    18191cdc8f047d6e84101bfe4b2b6878

  • SHA1

    8858ed1c6602c92ad3ee10b99a42181eb7ffc09f

  • SHA256

    28ae6af91580c0b61fed819ba79ba6c9c1f97e8a1dbd7ba1460f1302df3f5671

  • SHA512

    aaf431ecef8273e71c8f1d1ed50f06e271e167a41ec5f13c7f12dbf2f01dad7ea7a7069f5d3b39c70fcb202910fed9b6dab5ba035b8956718983f43cfb88feb5

  • SSDEEP

    24576:syjwc2b1NE1Uf0QOrUv3/AkH5M6aDDyaQE3DL7rzq8czut4:b0Z3GsLgUvv/5M6aDGpCL7rG8c

  Score

  10^/10

  redlinegreglinadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2