Extracted

Extracted

• • Target

    03c37c6356f0e01967e28029a0b549a8.exe

  • Size

    592KB

  • MD5

    03c37c6356f0e01967e28029a0b549a8

  • SHA1

    09e8be08306f9e2bc05f7cf0536530d30396444a

  • SHA256

    55821e03c90762b4b02478d1678df88db7a0611f14fdd3a74b51ca17df1d5bb9

  • SHA512

    af7c012133d26ad8a7a65df978186622a30a64412fcfa8267f2dd8b741573535cc5910f928fb5f1cd3e4ed0bfc297d871b316629e43310f1e4c7bd7123772528

  • SSDEEP

    12288:SMrNy90iEt8X3YFM5hCLh5zuOB4n+4/AYjx/Vr+uEM:3y48HC+hguVn+4oG9Vr+uEM

  Score

  10^/10

  redlinedizasherondiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2