Extracted

Extracted

• • Target

    9753fa449c2008a2342f394a4dc99b823ff1cbe32bf60b17359c2bd187f815a5

  • Size

    625KB

  • MD5

    dee48f6daec40f05233d5a2c59ff8d38

  • SHA1

    591ca6cbbb3ecdff4eb35a8ca409826943b35f28

  • SHA256

    9753fa449c2008a2342f394a4dc99b823ff1cbe32bf60b17359c2bd187f815a5

  • SHA512

    7c84cb960b9522a790c12f61411116f08c83175228f08ee7cceb6985b28167c10d405b3db54e9a2d985b0a614b18de047a952a9d085c30169c0d4c312dc0a648

  • SSDEEP

    12288:/Mrby90/TEyS91VOzOArUJe5Oaf5/gjMSxPBGniT8wEqHxrdhPa3hN1SKuonZI/N:MymE1AOeBNgjPPBGiYwEkxJhSxN1p+/N

  Score

  10^/10

  redlinebraindusadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1