Extracted

Extracted

• • Target

    9bf8cd918c0b4a09e03a444ffe558d574fd6bf5bde76ac190f046ab6824a40b6

  • Size

    751KB

  • MD5

    dfde664091782f213f73795ed3188ad0

  • SHA1

    7e89ce2eed2fb962336f43d04dcefb6bdcbfd5ad

  • SHA256

    9bf8cd918c0b4a09e03a444ffe558d574fd6bf5bde76ac190f046ab6824a40b6

  • SHA512

    a4c137df8c8d3a99ad52384afdcfc5c7daf44fc306e9cec6ce2ae55fe4f7f8f40adb3e3cfb35e382ad1c2b2974fe3e8a4553a775c7cd046e488b36fbb8b1c313

  • SSDEEP

    12288:LMrky901BGEVUBmIeSeVUni+bgSpcynkS3LozArs3LziRQshX52M3vgVwGrflO:by9EudUCn5bgWcmkyUzUs3LmR1hJ2M31

  Score

  10^/10

  redlinedizarockerdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1