Extracted

Extracted

• • Target

    ae5e97b1e5bd23044d1b95eb291975a4f4fbe0a17758ba8473bab80b1c3ad3c6

  • Size

    794KB

  • MD5

    6f4be7412aa153f28184670ca0b5fa62

  • SHA1

    b6f20b09b2e24ea21d401d3c61a2944170b9920a

  • SHA256

    ae5e97b1e5bd23044d1b95eb291975a4f4fbe0a17758ba8473bab80b1c3ad3c6

  • SHA512

    b3a5c11fa23bed1ca0674fd3d33b6cc30fba95426000e1a081ab4dbd770e34443c4874cc16663a0e64983c9116642491d2cd5434c28f2da514f031b10a7643dd

  • SSDEEP

    12288:kMroy90/CIZJYlhJfQi3saqs882K3nvWiQAifbfIoIWYDqjzKIYB:UyaGD+i3tqsDGb+WhjzKIYB

  Score

  10^/10

  redlinemaximetrodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1