Extracted

Extracted

• • Target

    e040eebb624a7d769a54caea3350554ee4e08acdbbba8360737b988d242c7b4e

  • Size

    770KB

  • MD5

    8d966f40b9e011a255ab985bf3ed0844

  • SHA1

    18318f757381fc5d8c2f41b852229b22e8c421be

  • SHA256

    e040eebb624a7d769a54caea3350554ee4e08acdbbba8360737b988d242c7b4e

  • SHA512

    a716f7d38133a42cc7ca909ecb8e0b250ddb03628659f9e38fe351c1614811061f5a0895a7698531f0ae71d70260ea82854d994ac98ef013699cc080b68a8955

  • SSDEEP

    12288:uMrXy90x1loegYcxctKGM7TvY8NHvVoU0mRbQI/zFcguu5paOYMP+cEJ+jaMiO4N:By7+tKGM7TvOUfNQDFuyOYjRJbMWf

  Score

  10^/10

  redlinemaxisherondiscoveryevasioninfostealerpersistencespywarestealertrojan

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1