Extracted

Extracted

• • Target

    f074da6cc09ee127348f68c90cb5a66843b6b3ec09360d3148ee5016ffd417e5

  • Size

    751KB

  • MD5

    e3b9266114a8123e8bcf44743f75629c

  • SHA1

    f0f60fb8171e7027c2d1ab2fa182c1b0aa46f83a

  • SHA256

    f074da6cc09ee127348f68c90cb5a66843b6b3ec09360d3148ee5016ffd417e5

  • SHA512

    fdc3530e168df95bb035d63cfc3417f832b0d11fbb200ea89b82ab6835a6b5c4d646b91fd45df7451046ed42648ff8ac8e27af1f95aaaa69cc667b984f795c31

  • SSDEEP

    12288:CMriy90DFZBA3fexd4l17GaVFLc1pf7+owygZuwxzZzaYIOv8IjD:Uy+BALL7NVFQ37Bv8uwLzrPD

  Score

  10^/10

  redlinedizarockerdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1