Extracted

• • Target

    a3111c47c0b8cc5405b80e0fee672213.exe

  • Size

    815KB

  • MD5

    a3111c47c0b8cc5405b80e0fee672213

  • SHA1

    919e1912ade8b9891f6482fd1c2ded0b85361d0d

  • SHA256

    1d857a8ee0c9851c6ddcd0dcc0ac0057e772f152883762ffbf50457b6c463fd5

  • SHA512

    b3976e6e08602ae921c086a1246c46f5fc8a3fc93fefc72d01c75f50d13ec9d7b07f87981af504c9acef52f7b9cff6dbb33ef130398099a755adfddd5639e849

  Score

  10^/10

  redlineadscoupongeneratorv1.0.1infostealerdiscoveryspywarestealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine Payload

  • CustAttr .NET packer

    Detects CustAttr .NET packer in memory.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2