Extracted

• • Target

    Installer/Setup.exe

  • Size

    4.8MB

  • MD5

    e802a10b92d452355473e7098127cd6a

  • SHA1

    fcf838237925661f674be8b121c4989c091ed9fd

  • SHA256

    ffa88e2f4c4cffc25cfa7e87f7b8685e5e31f3dfa372e9e0a4c5d85f880dbb94

  • SHA512

    b5f2255f8507b9c5fb1671500c6a1b4b3a34428552e494f8c4a6a9713304c18d79a930f6b3716971c903c4cd79a681b5bc998cff835b2e5794cc081b2ca27128

  Score

  10^/10

  redlineytstealerccinfostealerspywarestealerupx

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • YTStealer

    YTStealer is a malware designed to steal YouTube authentication cookies.

    stealerytstealer

  • YTStealer payload

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Suspicious use of SetThreadContext

  behavioral1