Extracted

Extracted

• • Target

    bd7dc29769774a02d65d61f6c01e8c5e4e5f141f9a13357ff2f30a750a799fc9

  • Size

    777KB

  • MD5

    5993787919daef85ad9d535c9243f522

  • SHA1

    4f2ba7c4a5e023897e28b9924f486286a53ec716

  • SHA256

    bd7dc29769774a02d65d61f6c01e8c5e4e5f141f9a13357ff2f30a750a799fc9

  • SHA512

    eb513e2f2b2f0dce93aa5008a4d19be73d58261a13d831eb13108389a7cbdba4fba1a2c101e7d31270c1a80b9489d95167a6b71b4651177a901b58ca2c33e547

  • SSDEEP

    12288:mMrKy90As9eZlfRQOI7/MbsG3gyQZ8Nk0xcjaEsaqLrXzEDZAYAhZbYJ:4ysQZlJQdTMwagy7sKXzEWY+g

  Score

  10^/10

  redlinebraindusadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1