Extracted

Extracted

• • Target

    0ce691406698d45d203be051c8dffe9bcd97dd4530f43e7b1e67363880a8465f

  • Size

    779KB

  • MD5

    a667e4344e896e4e9d46d0cd51bcf81c

  • SHA1

    5872ad04374013b8c68c206fb948b195d860a408

  • SHA256

    0ce691406698d45d203be051c8dffe9bcd97dd4530f43e7b1e67363880a8465f

  • SHA512

    ffe3e677a4c32e1e4304d93e3a65f3383becf18e5a3090073e164d287cddfc49e0c212ef6401a15f879dc1a30673de7db99c8be08e3962a426ae09b432d4f9a5

  • SSDEEP

    12288:uMrCy90RWYyz4/F/bEit6fzC0nZZxPUXqfP8Vdx40tQQ1WrcO0O2dtroS65i9nhC:Ay4k4h3ynZZxPU6XMx45QycVlBoSxfY

  Score

  10^/10

  redlinebraindusadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1