Extracted

• • Target

    Google Play Gift Cards Generator And Checker v3 By X-LINE.zip

  • Size

    2.6MB

  • MD5

    32c6a5bdcc614611364576ebe2c7e754

  • SHA1

    a3d7308876f7025b9a89b920ff95085d565f4478

  • SHA256

    84647ec81d76528fac8b78b96a7c2b7b57ada2f979739bb114d8e91b84009546

  • SHA512

    e5bef3719c0f9dd0bb6ce10ed83d8991f813bbb89662c89073bcc1e277f29169569c29a3398ec2f60c7c6316074d92a4ccebc43e00947f307878327a8cfa70d7

  • SSDEEP

    49152:y+GKlqHgWaBiNqe/g1OfblYt7bqDJRF3g2M9RWgIGZyp:yhKlqHzjYwfa94fm1IGZW

  Score

  10^/10

  neshtaredlinediamotrixdiscoveryinfostealerpersistencepyinstallerspywarestealer

  • Detect Neshta payload

  • Neshta

    Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    persistencespywareneshta

  • Neshta family

    neshta

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Modifies system executable filetype association

    persistence

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2