Extracted

• • Target

    B59600E131D839BCA09180B6A1624EC0C8ED6A89F7B5F266E00D466A08BBBF50

  • Size

    2.4MB

  • MD5

    eb787c21d13fea35fdef02a4108a3837

  • SHA1

    e49bdd16b109886c7bec44945dd442b815c85540

  • SHA256

    b59600e131d839bca09180b6a1624ec0c8ed6a89f7b5f266e00d466a08bbbf50

  • SHA512

    612e2428af924cd5f666542ddcc2842fbda8691de6659a9a7ea50f7d28ad11bbbd8a36772f0ab3dca6be86f29876ff6a12cb6e635d9a8788a9d4a50d8891ba64

  Score

  10^/10

  redlineinfostealerspywareytstealerstealerupx

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • YTStealer

    YTStealer is a malware designed to steal YouTube authentication cookies.

    stealerytstealer

  • YTStealer payload

  • Downloads MZ/PE file

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Suspicious use of SetThreadContext

  behavioral1behavioral2