Extracted

Extracted

• • Target

    3be039ace4a575800f992ff3ff146e2fcb30027395726da1657d6be8f4987af2

  • Size

    899KB

  • MD5

    b731a601123da1533cd94eefad09299b

  • SHA1

    c2268dfd36bf1f33632409327a5f2db90503c4cf

  • SHA256

    3be039ace4a575800f992ff3ff146e2fcb30027395726da1657d6be8f4987af2

  • SHA512

    0ac04ac380aad88f35743d9274652825ed86ac2d9aaee9b7fa5a35b63b76fcac3c26749e156f4f5b338d03f96ca8cc2b057c1b3dc4b522238ce2a5ded89415f3

  • SSDEEP

    24576:SyH/GiBt9qEUod9oW4UMhj7ZlMK69kTKrf4dC9t6hbi6v:5e47JQZjQ94K74MLAb

  Score

  10^/10

  redlinebrainlusadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1