Extracted

• • Target

    5f410355e3101d5a4e7abab50397539dbd383eb8c6dbfa6635978fa72f4825b9

  • Size

    54KB

  • MD5

    bf3f098255fe2c23b9135409652e72c2

  • SHA1

    a8ec905d04c72ec2fa4099fafa2fc29caa8749a7

  • SHA256

    5f410355e3101d5a4e7abab50397539dbd383eb8c6dbfa6635978fa72f4825b9

  • SHA512

    67dee018ca82b424d6607f79a2978a2727d08b1ca0495b6099eb2b493d5981d7b9c98d8adeba10272208ea7136339d239733b997636554179dda6771cf3fa9ee

  Score

  10^/10

  redlinekistacollectioninfostealerpersistencespyware

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine Payload

  • Executes dropped EXE

  • Accesses Microsoft Outlook profiles

    collection

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1