Extracted

• • Target

    bcbd2fe43df8ff15d3e4503438a54951.exe

  • Size

    3.9MB

  • MD5

    bcbd2fe43df8ff15d3e4503438a54951

  • SHA1

    2c3848c520573916606777df889ab7e0f9a84ea3

  • SHA256

    dde8987c6126117794a9922ce253a735bd113100a8e56412b518bd9349e70d83

  • SHA512

    b72ee7273a6869b0f90b35a6e944c2c92030d3a219504e70ceaa843b592ef97331cc621c4bf0aca2daa78017b94a0402211c7d2f0becca7926ee97c30be3959d

  Score

  10^/10

  redlineytstealerinfostealerspywarestealerupx

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • YTStealer

    YTStealer is a malware designed to steal YouTube authentication cookies.

    stealerytstealer

  • YTStealer payload

  • Downloads MZ/PE file

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Suspicious use of SetThreadContext

  behavioral1behavioral2