Extracted

• • Target

    cf2142b71c02cebf4aca8910971c84f52b7692fdc6c7bdccebf8c93f6c9aca1c.exe

  • Size

    919KB

  • MD5

    0df7144ed5104422c08fe0b6de1e2452

  • SHA1

    665ac4c2866348f6b31482a410b1047707599409

  • SHA256

    cf2142b71c02cebf4aca8910971c84f52b7692fdc6c7bdccebf8c93f6c9aca1c

  • SHA512

    728e0f8c6e92c003813ac67895d05cdc944f172d444712ab101c8aa3d65e38715bf205dc6eeebedeef0b45400569f6fc41ab297c1610c9295cdfa8a48dbf7374

  • SSDEEP

    12288:emxlloFX4YHwjBZXJ7HZAO/DrpDAmwySmAa5D9iX5HV/o7TcCiP0wMlP7r9r/+pj:eWlQ2HJzmO//+a5D9q/+TcLl61q

  Score

  10^/10

  redlinereallogdiscoveryexecutioninfostealerspywarestealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1