Extracted

• • Target

    SecuriteInfo.com.Heur.17155.13989

  • Size

    1.6MB

  • MD5

    3c2b4c4920ccbb7456ea0539e596948c

  • SHA1

    948ad5579c0aef35050ec330ce954bc84cfe2559

  • SHA256

    3c3bee00c300584717e1c307e690d05ab1c6c98428d83ca0d4285fe24a9e1015

  • SHA512

    397cf6a365ea609bfbe47868009081dd13c1662b4de2580e86d46de4fc4ec64263d36cab77329c7142acf7c7ee151eae44f86a394d526d8907a9da0724a92322

  Score

  10^/10

  redline5kmaraafterbuilddiscoveryinfostealerspywarestealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2