Extracted

Extracted

• • Target

    05518599.exe

  • Size

    778KB

  • MD5

    8ffc8044465ec57a726de6375343912e

  • SHA1

    e0a5ca10f2e389333cb2e6114cd9f054e98cb730

  • SHA256

    26e40756bcad6f1d58f3b1d80261918caa372497967bd87d3e817184a5284dc4

  • SHA512

    c294287a225739d08ba36b3f37050587c226603379d5837695d5e2b748a6c82436dc1a9d73ce870df2572d753574c15d4ce6adb896e13da20880eae5c33abbfb

  • SSDEEP

    12288:oMray902TbNqoulgS5MhdP9vE5yyBGrk5M8+D6AXAJF8j63c:SyFpqoulgS5MhdPWy5gmN3Xzr

  Score

  10^/10

  redlinebraindusadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2