Extracted

Extracted

• • Target

    78bd27f8a24689cb48d49810462ccd3986a93b1550bb6b65baa7db89f261b823

  • Size

    754KB

  • MD5

    20b599ceef15e20ae784c72993603e12

  • SHA1

    4607e2cf541f7211447ce47f161b237d99ff09a3

  • SHA256

    78bd27f8a24689cb48d49810462ccd3986a93b1550bb6b65baa7db89f261b823

  • SHA512

    bc5b6f3807bff6c0cdf345d42e7fc9b991d4caaff4b838b9a778c6961331a643192b96b34b76beb9bac2719609b1358b6d2429a38162d57cf9a54af31430ef6d

  • SSDEEP

    12288:tMrIy90LL7E/DlpWwOfrFtbSQt6b/04jDI3Jopb2YtkDTiA5V4vjrhR26c4hA9pV:9ywLcD/WfOC6b/033JopbYTiw4jFWs7c

  Score

  10^/10

  redlinedarsgromdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1