Extracted

Extracted

• • Target

    eca1157eb3441cb134c8bfa3486992ba37cd0e029cecb98f207a029b25d67ad3

  • Size

    750KB

  • MD5

    63766cdaac6bdbacb9dd44c69c6288a1

  • SHA1

    af56117996cd2969a338e84e5f14fd0914af54f6

  • SHA256

    eca1157eb3441cb134c8bfa3486992ba37cd0e029cecb98f207a029b25d67ad3

  • SHA512

    2d848452c1daaf1ba91cb394a0d6c90e13ed9a094851eb44ec68a7bd1c7bacd7f56a805f96df43f442b8d93a7adeae67380888b5f4cb978cfde6557a9c592933

  • SSDEEP

    12288:sMr/y90qWTcxbYRAwpZ+IEfWbmyOki03FrnhR5E5f5pDyV7ZWxUd7v+z0pAHzoP:ryZoyURAkESbhHKfjGNIsL+kAzy

  Score

  10^/10

  redlinedarsnitrodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1