Extracted

• • Target

    077081409292056cd64db1b59d87aa20.exe

  • Size

    3.9MB

  • MD5

    077081409292056cd64db1b59d87aa20

  • SHA1

    0d1355049116892ff50f51644713e191cab962a9

  • SHA256

    b96e04e692837a4e53e4afeabdf02113d2a02831a0d31a0a4a4554d4fcedb58a

  • SHA512

    17b1a80db9e557c5241307ddb169ba27e2befacfac81e9e39085197cc02c0c04c0760b67d54deb743619f74353193e83c243ad3f583a6d9dc07d62988533acde

  Score

  10^/10

  redlineytstealerinfostealerspywarestealerupx

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • YTStealer

    YTStealer is a malware designed to steal YouTube authentication cookies.

    stealerytstealer

  • YTStealer payload

  • Downloads MZ/PE file

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Suspicious use of SetThreadContext

  behavioral1behavioral2