Extracted

• • Target

    1F7FA790B1FA8BD15FFDEB5F1F910BDD8D0042391580E2AB8685324C0E5A8F76

  • Size

    2.5MB

  • MD5

    3b460c4451b08595d9214a075b98d79b

  • SHA1

    5f24c94c338e1c44947a3aadb552e6104e5cc026

  • SHA256

    1f7fa790b1fa8bd15ffdeb5f1f910bdd8d0042391580e2ab8685324c0e5a8f76

  • SHA512

    c276e23829b6c7f776161167788f8e8b634a6022aed9b27872424b7b263a60e8eebf5ba07fb79d28b7562c146326727df9ec35cfa5f8999cc2c779bceebb8175

  Score

  10^/10

  redlineinfostealerspywareytstealerstealerupx

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • YTStealer

    YTStealer is a malware designed to steal YouTube authentication cookies.

    stealerytstealer

  • YTStealer payload

  • Downloads MZ/PE file

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Suspicious use of SetThreadContext

  behavioral1behavioral2