Extracted

• • Target

    nuke.exe

  • Size

    279KB

  • MD5

    d0cce7870080bd889dba1f4cfd2b3b26

  • SHA1

    a973389aa0908d7b56115aff9cd4878fbd9381f9

  • SHA256

    8ff3039072ecb32c50f446d6857aceef55547486f0572fe70feb5b1fa4c4727a

  • SHA512

    5fde0ed0ad44569d290972f336d0ca29c38f49bacefe7ba974cbb17d6db7a1a57a8e4f8618f438820c2ff386a6b9c5b8b702c24ee8718cae51379d1566729548

  • SSDEEP

    6144:imUMliX/k5k646sOcT86ISrQdoBX67Hgo2TWD:AMl6Y/fyQdWeHgo2a

  Score

  10^/10

  redlinediamotrixdefense_evasiondiscoveryinfostealerpersistencespywarestealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Downloads MZ/PE file

  • Drops file in Drivers directory

  • Drops startup file

  • Executes dropped EXE

  • Impair Defenses: Safe Mode Boot

    defense_evasion

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext

  behavioral1