Extracted

Extracted

• • Target

    15325dcde0071806cd0eb86efaae81c4fc2b2ff62c8a815c7052e4aef03e2268

  • Size

    778KB

  • MD5

    2b0d1c9944dc888136e08e03bd8b229b

  • SHA1

    14699a5b3182a9f0dd51bea22a91780cb41cf84b

  • SHA256

    15325dcde0071806cd0eb86efaae81c4fc2b2ff62c8a815c7052e4aef03e2268

  • SHA512

    14fa3b372331d8b330df2516336dbda2e87b71cf6f12691eb09027b6fb01224a883ba49bd4241a89334c920b1161f971119c9951e373c04e8ff146a00327cb39

  • SSDEEP

    12288:AMriy90s7yMNVkPQh2P4A5Rs1NPEaA0Goxb/G2FUOJcQ0uJtDvAmA4fAMK80g2c:SyVunlJRWEki2GzQlHEmr88vd

  Score

  10^/10

  redlinebraindusadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1