Extracted

Extracted

• • Target

    4dc07ab5d23f96c5cee1a0a8fffe5a33aa0c8ea15a72b3718e273d29f9a72811

  • Size

    754KB

  • MD5

    70a6d4cbee18cd4f947d68c877a621f7

  • SHA1

    b2cb6bc0d0f9d1d90daa24fb8237f8e264c91da3

  • SHA256

    4dc07ab5d23f96c5cee1a0a8fffe5a33aa0c8ea15a72b3718e273d29f9a72811

  • SHA512

    8bdba0b441384eecb8c35b39127a1ec221a2c97a41b1e4100656b8da63194b9fae7ef18cd14b88f309d88316b1d091a4d7734384fb5d1a48a5e1ee4d49e03d1e

  • SSDEEP

    12288:tMrDy90S0yNXpOLzOrtP0jTH7ockN+Op1+97nVguygJ5aJTN3f8cSXiT2Wgn+6:yyvNXQLGp0jL2M9quygJ50TNv8cS4mnj

  Score

  10^/10

  redlinedizarockerdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1