Extracted

Extracted

• • Target

    83f7f9da1ea424dfb6cd9cd3741376f3bae3e4638e553d37427cb571c8c8071b

  • Size

    731KB

  • MD5

    056fa9593cc008be4bbce39436f64e58

  • SHA1

    16d96f3643afac02d96171d4cb55b68b7a66f67c

  • SHA256

    83f7f9da1ea424dfb6cd9cd3741376f3bae3e4638e553d37427cb571c8c8071b

  • SHA512

    27379ece9af12cfdaf31c7acd128d0bb50f55f1fe115d683be56263eb5eb0d30cb87cd103dd6342fba507e332b45ce273fa060664e0d9576554f947ffea5e85d

  • SSDEEP

    12288:gMr2y90JG8V1Z/B900+rESqmLEk4s+cl55ACWMJvE3phwP/UMUkX0dr0QoMfQFW5:myQGyS0tJYkclzAoiphs/LUAqr0VMfQw

  Score

  10^/10

  redlinedusatindadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1