Extracted

• • Target

    tmpsbmsit0h

  • Size

    700KB

  • MD5

    155c62e374f3cd624d9fdbc7e6cc680a

  • SHA1

    4cc119371a976c7f6f2d096c50da37686d79ae0f

  • SHA256

    7d2b174c017d61fcd94673c55f730821fbc30d7cf03fb493563a122d73466aab

  • SHA512

    63c0fdbca53e454c222c7035d723bc73dfd237f99781bdc7d14b18ad9a0587bed2ce66914a0a89ebcc05662248b1bfa3b93e5a198ded683ba73846d8247c760d

  • SSDEEP

    12288:GCm8O1EYZPU3zi2XqHnVnVhYw4nsxqWLwmCHmDjbBUlzj:GCm8CEQPU3zp6HnVo8qWL3CUjVUR

  Score

  10^/10

  redlinelast exploitdiscoveryinfostealerspywarestealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2