Extracted

Extracted

• • Target

    39914137d1efd1175a0e3e0d2b682215dd58665550d12ff8697bf2d31d337947

  • Size

    794KB

  • MD5

    c9ae39c28dd93019186211a464e2e19a

  • SHA1

    cd1d209de4e202d82a671b787cd0ac9335631fef

  • SHA256

    39914137d1efd1175a0e3e0d2b682215dd58665550d12ff8697bf2d31d337947

  • SHA512

    4109c23cd4263228a269d8a527c10f501a9f68a083c2313fe0c4b0b30c0d292b3e6da8ac7187615eb37865d043b69226ea178a3462afdeecc4e84f8bfc2f5a21

  • SSDEEP

    12288:xMrgy90vw5VVJaMA47EbgSkPR7HmXGhFs6Gk6009+d1i3xwslnKWYD4ZztZI:ByD5VqMl4gSi1GXG7X6J9+OB1KW1ZrI

  Score

  10^/10

  redlinemaximetrodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1