Extracted

Extracted

• • Target

    04a76d32fcb54b26acd232c95583bf78c5dbdefd3c23d1ec9e47577138faf231

  • Size

    730KB

  • MD5

    9a5244d2cd04fecfd45eba8588c71381

  • SHA1

    a55bb07fcdaa8b4476be4440c4b332e8dac5879d

  • SHA256

    04a76d32fcb54b26acd232c95583bf78c5dbdefd3c23d1ec9e47577138faf231

  • SHA512

    13c448941b6b0c992cd4bba1ec48c86881758b673775fa886b1425e8661b61a5e61f4d7402100cb2ee4980547cf3acc96c04c95af298a03931bc60e9af9393c0

  • SSDEEP

    12288:LMrMy90KSo2CViFEHqnds4mJsThfapCZgUc8Zj0w:3yKo2C0l9Z1Jh

  Score

  10^/10

  redlinemarsnitrodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1