Extracted

• • Target

    SecuriteInfo.com.Trojan.PackedNET.1505.12146.16948.exe

  • Size

    2.5MB

  • MD5

    8f121ef56e6402c471c0a0e9dbb7f1df

  • SHA1

    cfedc01390dddaa538004e5e5ba5303e58ccd837

  • SHA256

    1478dd1a798dd70f503833edaa09b3ff8ae4cb1c4313fbc842686c0b1dd909ff

  • SHA512

    3c8aeb90a08e1138b1e4b98ea3d96222fa74e1aacaf4b50e7c0bb806f47b79cf7ea4b8d7d2cd8dbaab87171b9ade08b98c6b4566c02503de92e80e3acadc43e3

  • SSDEEP

    49152:C8BmdIe8LVUOE3krg44W2qRqguN/I7X3cvS7oS2H8:IONLrD84IqRHn3cvS0SM8

  Score

  10^/10

  redlinez2kdiscoveryinfostealerspywarestealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2