Extracted

Extracted

• • Target

    07882099.exe

  • Size

    780KB

  • MD5

    03b7546a7b9e9e87641141563329d93c

  • SHA1

    08efab3b93ba546348f2114137916f5b30f97a06

  • SHA256

    6b406f4b572ac5348d0e3059280ae1ab50e92dbc42355b7681c73ecdbc89da7d

  • SHA512

    e12ce25e8d8fe54837d8b0b99553a8219e5d2d7634c88b4270622ddd29f36e5bedb3ce1176fac14f7a5cf8761a6965f5d05cc958e2dc3446d75ca229c33bd2d6

  • SSDEEP

    12288:HMrVy904fkg31/LecvRDpFLcem4WFDXnx+I1V4QkUhkDZAtYf2LAp:iynZL5vFpFL9nWFD3xN1V4bUhkmti

  Score

  10^/10

  redlinebrainmusadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2