Extracted

• • Target

    201a75533e813778f5278f107505b384

  • Size

    279KB

  • MD5

    201a75533e813778f5278f107505b384

  • SHA1

    8523f543412b6f628011b748543f9de462229185

  • SHA256

    0ebf44ed5f0614c08d4e5f25fb08cd33fa5ec7baa6a5c9c4c19d41dbf3e9df08

  • SHA512

    f141453a0c6ca377a32dd764f74e2b2d66ac0db8f839636975b6e16cbb2c4305793a457adb296c7bbc93d6468bf3f0996b648618c7b2aa424a1df6f66f9cd2e9

  Score

  10^/10

  redlinemastifagilenetdiscoveryinfostealerspywarestealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine Payload

  • Obfuscated with Agile.Net obfuscator

    Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    agilenet

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2