Extracted

Extracted

• • Target

    65b3a8f8588a1b06c9e27a81647ea368634994596f9877e1bcf8cc455ed87ed6

  • Size

    624KB

  • MD5

    803d0cd373ceb8016ce5323a3c5fe1a3

  • SHA1

    4907950c2bc773d41645bc85b5da3cf745a3e701

  • SHA256

    65b3a8f8588a1b06c9e27a81647ea368634994596f9877e1bcf8cc455ed87ed6

  • SHA512

    8ff49d9e6276d4160189ed9e1eb0342baeffa1993843bf7c0c05199505ceb67cee01b46fe65cec04e9127ff56117ea499e7b387d48615286ba5f09b6a38f30f9

  • SSDEEP

    12288:BMrdy90bSmEqtwhsbsVPLLevSYGmv3SmIJs6Yj+phqbHs0A:gyqnBqOsL2JGhE9EgZA

  Score

  10^/10

  redlinebraindusadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1