Extracted

• • Target

    photoshop.exe

  • Size

    4.7MB

  • MD5

    53db74cccfa08badc51bbcf2aa9fcbf0

  • SHA1

    72eac60ae7d95e17bd4dbf2bc9da1daa802111a7

  • SHA256

    7be64a3fd654b4217c6cf82e6de8fa45e30555b58e7422d77ab49da2f6a10a57

  • SHA512

    0d7e22f6a766b8c1d5d72c250c59afb2127032f2312efaaad114ffe8bc12edcbb5439735b43250a2319cd5473f42b9b2eba813d1d2c04f10ccdc78a60d02f8d6

  • SSDEEP

    98304:EVUbcy6CxW2J3fUnNUun1i5sVfyK0F5fQH7PXddgtod:EVUbjR5J3oTnes9yK0FUPXjyW

  Score

  10^/10

  redlineytstealerinfostealerspywarestealerupx

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • YTStealer

    YTStealer is a malware designed to steal YouTube authentication cookies.

    stealerytstealer

  • YTStealer payload

  • Downloads MZ/PE file

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Suspicious use of SetThreadContext

  behavioral1behavioral2