Extracted

• • Target

    5ce3e07185414336f21f58d714e9ea05.exe

  • Size

    346KB

  • MD5

    5ce3e07185414336f21f58d714e9ea05

  • SHA1

    33cf0ad9191cd529ee787cb88340c7838b9a60dd

  • SHA256

    7db1063bd97bfec377245750eee13f04b2e28bd906ab67b8df9d78e0b8d7b413

  • SHA512

    ea22dd15d4d80b916029de67c691d6e1f9eb9a6dd45266fa0a486dd8b29c9b6c0e858d5d26760d709943f41e9a7ffdee868c13fa6c854682e47becfa61a624b6

  • SSDEEP

    6144:RD9BXaCIFXl0LYSa4zHZ9fgbQGtb8usdCe9SZ8aPwzMzNCT:Rh9DIFXBKEbDtQusYrzho

  Score

  10^/10

  redlinelogsdiller cloud (bot: @logsdillabot)discoveryevasioninfostealerspywarestealerthemidatrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Downloads MZ/PE file

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Themida packer

    Detects Themida, an advanced Windows software protection system.

    themida

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  behavioral1behavioral2