Extracted

Extracted

• • Target

    68f9b700ae23de9c9dce66c131a78d6eefb96259ae29735aae9ffc3d53b0d468

  • Size

    730KB

  • MD5

    4edfee09708f0859bc7a61840e5e9ffa

  • SHA1

    adf6d53076b51dddedb0088db4512e6a6332ba23

  • SHA256

    68f9b700ae23de9c9dce66c131a78d6eefb96259ae29735aae9ffc3d53b0d468

  • SHA512

    60b6e8d48ae5789b4cf810317ab3b0161872ceb40d62c7e29d0e561ec360b626e7f3227627a84a3d90c2b155da5762edde6ca812b47789d86fa7adb3fd305660

  • SSDEEP

    12288:mMrHy908HmT/mpg5q3pBd58SlXM7OE8hdWOsPv4THYwnV9hB:lyLHhpx33lXCOEgwPoHYwnV9hB

  Score

  10^/10

  redlinemarsnitrodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1