Extracted

Extracted

• • Target

    ef5141474b21ef5be1ce725ee2dc8e8ee668475763ac76401d56bddf5d8820de

  • Size

    754KB

  • MD5

    b46bba5eaebea68bc8cc6954a6039a6c

  • SHA1

    d1881c926e93b7e410ab1218b06953bb01b9dc55

  • SHA256

    ef5141474b21ef5be1ce725ee2dc8e8ee668475763ac76401d56bddf5d8820de

  • SHA512

    b2273defb4a3918c33f32e6037255333ed1dbc303f238a4d2fe33fdbc2cd47947906a39796baa31a9b1ab8c552ad7c14495d2049e19ba162ac1965f83975ce90

  • SSDEEP

    12288:VMr2y90C4ujH4LZkBb9NWeflK6HKw35RB4e9GrhvKwOf4bee5Yxh2vDtlLshT7:fy5XEOZ9YgzB4IGlvKwOfQhPtl2v

  Score

  10^/10

  redlinedizarockerdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1