Extracted

Extracted

• • Target

    ca8cfdc132504e34f41a725d4594565dfd5be8939a85d3dc3a276c271e2c629c

  • Size

    778KB

  • MD5

    09dd312b054db8c9df2ee46e271b30e4

  • SHA1

    246f8604ea83836b8d8e7bcb88eeaa4bbaa7a03d

  • SHA256

    ca8cfdc132504e34f41a725d4594565dfd5be8939a85d3dc3a276c271e2c629c

  • SHA512

    3cbdb3aed07953ed8d0848487db65a8251e20f02b61d23364cac6682f34322e9a70db28f53dff7657c6d46c805d8c29b026b613d189aa797926112b89474f24d

  • SSDEEP

    12288:HMr7y90DdP3MP7ubf2dryhLzspSO8GdvnPFU7RMQiolRp095PE9s7:gy8CSMrULMdPF2MQiolY95ws7

  Score

  10^/10

  redlinemaximetrodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1