Extracted

Extracted

• • Target

    1a0f4604b3c4d2a45c67bf58acae4a16e8912fbcc25f5b9f7f63cfdf6e59c9c4

  • Size

    778KB

  • MD5

    f330ad2fae996be2f38159f06971b259

  • SHA1

    15395f708d4213fb724eeaaaf40bbff0535f33e4

  • SHA256

    1a0f4604b3c4d2a45c67bf58acae4a16e8912fbcc25f5b9f7f63cfdf6e59c9c4

  • SHA512

    f6b9aeefa1b2eba200d27ff0f6ff2ac255a9e4d53e79e25253cf00c041dc8fc5fdbb863e5e61293736815dc7e671c09e3d4fdceb1e68c6cdcfcd1b1dc346aca7

  • SSDEEP

    24576:jyvuyH2uYuIHqMPf27VkGsIFVWflhK5AqJN9:2vuFmI6nWflEA

  Score

  10^/10

  redlinemaximetrodiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1