Extracted

Extracted

• • Target

    33880f8c6bbb9dfe3e1cf1c5383ef0e1.exe

  • Size

    793KB

  • MD5

    33880f8c6bbb9dfe3e1cf1c5383ef0e1

  • SHA1

    3c7e7fcdb81f85d4749d19caaa223a9fb0f32b1c

  • SHA256

    1a357d5cf7631ee65676a5c822f4dc7b9643f059187b44cd74ce13eebd67c486

  • SHA512

    6a865da5526ef740166dafa9860464af935c0d8b49c8a726c80ec760b0bb0d6a96d7d2922eb340ca8c2b3bfeb868d4fb317f2b7eed4a493e75d081e9e596a624

  • SSDEEP

    24576:uyhfEwHvRplGofB6G2oZP6iSpIbJWP3C:9hfEwHvRplGk6GDVSCsP

  Score

  10^/10

  redlinedizametrodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2