Extracted

Extracted

• • Target

    6c3c3489d2da126b240a572ab45d46b56a7e89cd54288a71b0363cf375744a14

  • Size

    731KB

  • MD5

    dfcab16ea7873f9fdd7ebaac7b4fe95e

  • SHA1

    077dc69dcb8cc8d1a11ae8d0256f6b2100f53318

  • SHA256

    6c3c3489d2da126b240a572ab45d46b56a7e89cd54288a71b0363cf375744a14

  • SHA512

    6b384429b044ea8612cd4dceb1ab9f6eff3db34aec3ecba8f5fd53574e1a09d578297bd9b306e874441db45b261e8f137b8a78212b91cf2673851dacb681e669

  • SSDEEP

    12288:+MrJy90M9hi1ZBYeYeikrYp9KyM4jsmLpq+psg7sgCM2t62osytrWGFv+4:/yLTeZGNkIk2j5kgJU6hYGJ+4

  Score

  10^/10

  redlinedarsnitrodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1