Extracted

Extracted

• • Target

    9808c845aefe8b789d6964c5f4543012fcd300263230f64bd627c5d2d445aa76

  • Size

    772KB

  • MD5

    7c047113ca81c0896fd1046dbe7e95a7

  • SHA1

    2ac2852698db2aed7b3197d8d8a01906d70af6e6

  • SHA256

    9808c845aefe8b789d6964c5f4543012fcd300263230f64bd627c5d2d445aa76

  • SHA512

    439f2518c51423a60cb419646ca782fe19f15d036560ecd3514b0822071dab68f25362c1a61c97465a4bd1c693a24afe6d31d7293e488d3733a055e701ed0c0c

  • SSDEEP

    12288:LMrjy90cHwFGyH/vNyO55FS9AxdW7X+TBJYQftD2usmTm6c/LrA+35Ubnkoq:cyPHwEaRvFS9aW7QYQlDeL0wloq

  Score

  10^/10

  redlinemaxisherondiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1