Extracted

Extracted

• • Target

    6652e93504921a93097f6e19f3e8f51ebf6bdcff9f73234caf6f091dce883c9d

  • Size

    778KB

  • MD5

    d521c21443558d50dd1eaa830654e6dc

  • SHA1

    16b9dec9b3d4541cc8d6193327fe27208dd2f25d

  • SHA256

    6652e93504921a93097f6e19f3e8f51ebf6bdcff9f73234caf6f091dce883c9d

  • SHA512

    b2246e7e47f55a28f70a24281d5cebdc40924bc629a8db2d923e6bb71ad258f3f6d276f9b3b5a746aa755cda35650aa0a0c80a8db7500349ed7913486a2a2931

  • SSDEEP

    12288:IMrTy90Xw0igLWA367KB5vebV/J1fw3z8WyX+k/bOQ4NY2ntHc9lRZ0d5PaZGP:ryQWAvGdgmX1an9+lsd5vP

  Score

  10^/10

  redlinemaximetrodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1