Extracted

Extracted

• • Target

    08103299.exe

  • Size

    778KB

  • MD5

    7b76ea461af30c0e6daa509ea5f32934

  • SHA1

    73cf9c2ff689c4d1ae4ae8f7b73a6ccc0c0e0f56

  • SHA256

    2d7aaf2f66fb91151db8483eb72cb533e5c87fb2cb7a38abfd4676c0188292cb

  • SHA512

    22db71cd5745b2ecaa1e999dab94066cb778f7a18e28f1d3c021fab25f4527573224bc8c736379314a94d4d56ca0f0dc2cc0071c1c9c7a761619cef6453400dd

  • SSDEEP

    12288:9Mrty90tT4jN9tgrG96TB5CIlzg2TxleAoea7DEA/6rWOc6+rqr:Uy6kjN9teu6TB5CIlzgArza7R/4x+rS

  Score

  10^/10

  redlinebraindusadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2