Extracted

Extracted

• • Target

    fc4d9a01008b07e628673ae3b59982156995c261b7bc2bacebf95f32ac263e2e

  • Size

    786KB

  • MD5

    eff7ffc22f976cf25577df6b3c1e7879

  • SHA1

    d2110b0ae4dce212b1e9687d4e0b1ebe5b3a7cd7

  • SHA256

    fc4d9a01008b07e628673ae3b59982156995c261b7bc2bacebf95f32ac263e2e

  • SHA512

    17476197f40fc453b863be702b384bc953e460700d291ad354edf6a8f04a4a47465938933730c028a632e1deb51618b2d563f2d6327faea502838aa2e34ba028

  • SSDEEP

    12288:uMr0y90d2AcoiqRoZ49g5m7fzx4T9Tjir5xqRrWmzuohVub2wqs3xHIGkD0g:2y02Aco/o6SI7f14Fjir5AFzFVGa

  Score

  10^/10

  redlinedarsgromdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1