Extracted

Extracted

• • Target

    bc0d4d011c182206196d0443d42912eafd5a263dc38c2360d834836d77eb8648

  • Size

    754KB

  • MD5

    69377b4d201a163f17029293eed010a5

  • SHA1

    0ae5475dcb3c6a0e43ccf01af97d38c08ba0ec0e

  • SHA256

    bc0d4d011c182206196d0443d42912eafd5a263dc38c2360d834836d77eb8648

  • SHA512

    74a936d53437563f9a1bfbbce9bd69a8401330a74bf42baf45618feeb76850ac756db2a2073dbcab315f0e9a9115c2dff31a0749647e63ad24ab346ae60b3875

  • SSDEEP

    12288:uMruy90WQQInpIZKenZ7pjQb8PsRacUavBGbdylYcqbg+b9Py:Qy4QInpeXNJQJh2bUYzMg9q

  Score

  10^/10

  redlinedarsgromdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1