Extracted

Extracted

• • Target

    e3b4dc33b1662704f38ce0e7d84ae3c7404222ab8ccccffe6c31422c3267e49c

  • Size

    753KB

  • MD5

    9915852e18be10e773eee9c2b6e7734c

  • SHA1

    8c77f3e6383e9eb8a56f4c49ffa28da179a8ad50

  • SHA256

    e3b4dc33b1662704f38ce0e7d84ae3c7404222ab8ccccffe6c31422c3267e49c

  • SHA512

    3274fe4d021f25505498701a365372d6628f7175a19fb42a335999f26814ea4289fee1de2215f9eb5848410e6c359663e9eda5b3e36264ae5129302e47daea89

  • SSDEEP

    12288:0MrMy90uLLDObl5kkMhexwGdoUhDfrRXGpapwIx4+sRckuOFgs7Nm/jdXt:wyvLXml5k7endoUFfFXGy4B1tFgs7mjb

  Score

  10^/10

  redlinedarsgromdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1