Extracted

Extracted

• • Target

    757e8f8597d5ccee67ad3f1e48a2adf371f26ae1720013052ece0ea1adea4dd8

  • Size

    764KB

  • MD5

    c5f101f93e02c2b978685b69061470a6

  • SHA1

    5ec41ad3f2943b605f9c216063ffc8fd1b11f5c6

  • SHA256

    757e8f8597d5ccee67ad3f1e48a2adf371f26ae1720013052ece0ea1adea4dd8

  • SHA512

    3eb0794595c8810a5f8a4eabd8515227b59ce7a9b5c707d513549af4625152fd22d29e157900e15d9821ecfbf85d87637ab0499174766884a3a2633f81a1105b

  • SSDEEP

    12288:oMrIy906V3eCV48VcG2wy/9bagQMlvpEaBeIK6OIxzyh+iPxG5lFh:gy3NcIO9baevp9en6Omzyh+i5ilFh

  Score

  10^/10

  redlinemaxisherondiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1