Extracted

• • Target

    file.exe

  • Size

    431KB

  • MD5

    b8c62b2027dce8cc981a2f1093595f57

  • SHA1

    d97f8c7e6476777d1cb8f6ff2f9885b02cdf2188

  • SHA256

    74fed27c33b9d80c0c18081bacf6778fe2a892c58643ad2b9811380181197e9b

  • SHA512

    4280154fe87b67b4c731e3287f7439755d6986ad08c08086cf84205433464888f3a175b80c26bb2a8258a18922d8fd13eb3a98f2bf0a9673e23ca0a1789be695

  • SSDEEP

    12288:yYFDa27qhRYzrpNoUEocLsOV2Rsvs+kvQR4lO:lYuqXccHJLJARQsLlO

  Score

  10^/10

  redlineinstalsevasioninfostealerpersistencespyware

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Looks for VirtualBox Guest Additions in registry

    evasion

  • Looks for VMWare Tools registry key

    evasion

  • Sets service image path in registry

    persistence

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2