General

  • Target

    PicturesDrawings.tar

  • Size

    5.6MB

  • Sample

    221125-q6dwcafc9s

  • MD5

    01c1660c5c993d05086ff4399d7a039a

  • SHA1

    0b98de90252028ffc429cdc84c0c8bb190b5587a

  • SHA256

    672b7528894303d62f523e6136da0bd59c9bc9b0f9790a90dff0919c002f6ec5

  • SHA512

    59f107636679b9102db9ce20758e957fa3ea16afe9d775f2b824694c0e5422ec55e8bf13283ca27bc0dd1c2c1ca542d5400ef8d1a14cc18737d9777ddb4b05a6

  • SSDEEP

    98304:0fgtQICDtPfeE/jowqK5LN1KQ0oTh2M9QrABlolllOr3pDqoGZvVYm:0yQICteErownP0oTcMsABqlglMZl

Malware Config

Extracted

  • Family

    redline

  • Botnet

    Favour

  • C2

    149.56.226.65:5985

Targets

    • Target

      853224ac39d813dbb9e806ab0c12f04a.exe

    • Size

      5.6MB

    • MD5

      c912359df1edfea3b02e6f05925ecd1c

    • SHA1

      b08421bb53fa7f1bc59410e73b931dc5122933c7

    • SHA256

      5a07bc69ad4a2437e2a2ee9913a60fc6f147a895ea5d82bc2c1e3103a0b54454

    • SHA512

      ccb583e7e8376d12a8b90437c128168eb44923a8ad65bd8444430028b076a73cf2c8e0becab5b24141cfa68d052f31f1919e6598c614f85e3bd5f6102fa663ab

    • SSDEEP

      98304:/fgtQICDtPfeE/jowqK5LN1KQ0oTh2M9QrABlolllOr3pDqoGZvVYmj:/yQICteErownP0oTcMsABqlglMZlj

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks