Extracted

Extracted

• • Target

    f9afa401754c94d3321dd3193565ff7767a6beeafebe18332540047b27277a55

  • Size

    756KB

  • MD5

    3c07ee90ad6d2631f1bf558713182e81

  • SHA1

    5efa7139bbd4e5989ef8e7b5c7d653b20631a8f6

  • SHA256

    f9afa401754c94d3321dd3193565ff7767a6beeafebe18332540047b27277a55

  • SHA512

    8e2ee464604d40ff7480070447301566c0b406b872fd647909f7dae03bf47e6729007bb2b659fee6baf90c653ca21175a077be3c3164b61f82128b2a53073b48

  • SSDEEP

    12288:0Mrny90i0qlSE0rTAPNzSiG7iEHktPn1akMIOb9iZH/xMGkZnaQ93oAcaUiurdB2:ry1tfuTAgjktPwdIOpCfxyoZaWxBLw3R

  Score

  10^/10

  redlinedarsgromdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1