Extracted

Extracted

• • Target

    5ce96c6762e9da7a13c689ae49b8a57d7ffdc9c35b91e4d2ede43a9c0911a407

  • Size

    785KB

  • MD5

    f28b96f1add0f2e42699aa20ffcca505

  • SHA1

    44af23761311bf75e751999b0fa50217505f493d

  • SHA256

    5ce96c6762e9da7a13c689ae49b8a57d7ffdc9c35b91e4d2ede43a9c0911a407

  • SHA512

    aae5e3f5c1028c61ee5e07d5369594264d572eba5a9891f110e31f3ec32aa39116ac74927f48b22f7119e8ee72c1174e5ab1f8a70616b3f93684466629cd694f

  • SSDEEP

    12288:9Mrly90zApjPwujv7yUQc4QV+e84c9Ud8XFns/x9/B/QxlPNR9LAVu6nwqs3xHvU:IyeKPwuaUkQI4c9UQs/x9/ehAVSP7I

  Score

  10^/10

  redlinegrommarsdiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1