Extracted

• • Target

    file.exe

  • Size

    1005KB

  • MD5

    e150f91742838997639edd06a1c44ebc

  • SHA1

    08277d382d8cedc9a56abd6feca7a58f866b6519

  • SHA256

    23cfd8c9a0984ddedc9c97cb9effaf1998bb44110a4c490924109a2f0bbbda02

  • SHA512

    d2cce7fe2130026dd2a53f74c06b1d37700928ed6ba91ff501fff0910f5861760822fb1b2a24e1e4fa5ce213772a09486482280b3fb97ebb20b6437611f37bb6

  • SSDEEP

    24576:WU60uXt7oSXjDIfhjJFLLXv2wddwSFa0srUSNb:WUO7lPSRLLXOwoSw5rUqb

  Score

  10^/10

  redline0809_0x00infostealerdiscoveryspywarestealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2