Extracted

Extracted

• • Target

    tmp

  • Size

    778KB

  • MD5

    c402caf67560e8bf41bda00e32d529b5

  • SHA1

    1c851ea332fbf950bf8d0ab7317d09d1608d3520

  • SHA256

    e8459ad30b04379c618d96dda52771053190ca525685df43be50749f506f8729

  • SHA512

    fe1223addf73647036809773fa1567a863916418acd88433c06055ac320875e6926e2d7734c601f40f55c5cbcef48b7bc8bd6193f1fd7bfb053d75bdc170a776

  • SSDEEP

    12288:mMrIy90TCXAgDKa28Azvn590EBaMbUG4sG8Kajd8D500dDdWFtYabQrD1Ao6p9Vb:aynOu0vngEBrUG4shD0dIFGLKokN8I

  Score

  10^/10

  redlinebraindusadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2