Extracted

Extracted

• • Target

    f354b84d30973c64b5549e58fd2e91dc460dbb69e1a1c.exe

  • Size

    792KB

  • MD5

    78643cf992ed21061c79a4ddaf76eb95

  • SHA1

    bf2f51145eb2132f4a1c68423b6f785d546549a4

  • SHA256

    f354b84d30973c64b5549e58fd2e91dc460dbb69e1a1c50ac508e4a94d2a45a4

  • SHA512

    886f6362bfe514eed65e0e3e2c6c29dea9702a640db37a3159ad610259b24ff36dc3e3e08833c9aec2f82505bd5e9206648af4f6a14795b800811b50e37ca32d

  • SSDEEP

    12288:bMrSy90Q6hA+Rbg/8KTzXKAzPB/sYdpih0AshHjDEjuuMl1Ku3dSW6DGezyY/VB:dyghA+xhAF3m0dRUMnKu8WtezyYdB

  Score

  10^/10

  redlinedizametrodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2