Extracted

• • Target

    start.exe.bin

  • Size

    357KB

  • MD5

    f00689d1936bb064e915253da5b9d0f0

  • SHA1

    94126b2448cd2f140d892eab9832e82161e225af

  • SHA256

    4a769984457abcc5b0bb2bceca85ad8489ae25a61e477fbe870e9ac7a09d3e38

  • SHA512

    7de6ebf819591f9fa71042740ba81510766896ec578c505b7c6dd19f0b18e26a8fa02e42a0c8dd50e79f9c362a095e54c8a71acf85d07546861e21cbf283d64b

  Score

  10^/10

  redlineytstealerinfostealerspywarestealerupx

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • YTStealer

    YTStealer is a malware designed to steal YouTube authentication cookies.

    stealerytstealer

  • YTStealer payload

  • Downloads MZ/PE file

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Suspicious use of SetThreadContext

  behavioral1behavioral2