Extracted

• • Target

    152e377e630a9f676dde3ef11d41884af99726af69af12e0385348ad972b3970

  • Size

    776KB

  • MD5

    f87f992f761726b984b7005c313bf852

  • SHA1

    351ad717b39574c4e702aa1e21dc3dbf488cc5e0

  • SHA256

    152e377e630a9f676dde3ef11d41884af99726af69af12e0385348ad972b3970

  • SHA512

    efbf41b8b374422d7b52c38ac3a916407da6e987a6a6b7c292cc992695cc90e852c33bf07ee6f5a36722f145cd1a44ceca23035e66789af08bbe56db9e3fe208

  • SSDEEP

    12288:EMrDy90A+3pyTjHgLzGd/JlZiSSCJ4tzWI8zMJeRqT042ckXQtxuE9tmRS1sCZkP:fy1gfk/JlDnI8zMIY0tXQtxuE9t+AW

  Score

  10^/10

  redlinemasadiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1