Extracted

Extracted

• • Target

    99364f88da7a5e99d74b536dade91f5feb795a2db2969e708003ddfd96b0f82e

  • Size

    624KB

  • MD5

    4e9e3ad0c85a4e6a197afdc8725cf43e

  • SHA1

    d77ad1b6ed764dd36e1edba32a4e4f60cc9944bb

  • SHA256

    99364f88da7a5e99d74b536dade91f5feb795a2db2969e708003ddfd96b0f82e

  • SHA512

    576dc3d9a084a8e09f3a440352efb5a2bc2d1fcd49b0ced7448b6b4c3eeadb367843ac637f6a15d68fcf22702e0218d314ba0a38b76fb7dfc7446530907f57ab

  • SSDEEP

    12288:NMr5y900nxWyOAFTiEoROlYxZN9pUwSbVUdsOcqKi:YyJkmxzlYx/3UWX

  Score

  10^/10

  redlinebraindusadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1