Extracted

Extracted

• • Target

    ba5eee26c14ca581dcaa4136dbbb6ef7553eb9d4ecb7e8d7ae3267fdb464cf85

  • Size

    1023KB

  • MD5

    630d30c45a9e455731b0ba71c9c61db8

  • SHA1

    557e241bd79bb5a7c1ae74c3411462966ab2adcf

  • SHA256

    ba5eee26c14ca581dcaa4136dbbb6ef7553eb9d4ecb7e8d7ae3267fdb464cf85

  • SHA512

    d1f748e09a2b23542ff9ba0a7e28d33dca3223cd5e23daa49885f053940f60edcdb7452193488f59ee72e64870f279ec58c683db0c0b32d030a74a750e3c4683

  • SSDEEP

    24576:xyAFiPXW8Vzarx+TLNJu6qRXX1Pp0cRJ5l2hBu:kEgXW8VzarcL26SXXtGe2hB

  Score

  10^/10

  redlinelarsnitrodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1