Extracted

• • Target

    tmp

  • Size

    878KB

  • MD5

    f221c06953a4fa1b25d42e34c34d383e

  • SHA1

    2830b735d7b26bce4a2e169b28d7b674a08e6e45

  • SHA256

    5166ac823f2d02351bdc7ee1787d3ba6bb6c15a79f27f3e7e7bd93e8f41410f8

  • SHA512

    00c65c5ca34c8afe83367019696c2fddfebeb596837d97ae428b66a49172ceb889c7b1cca5a95ddfa8b619abb27bcb475cc62b032dc7db17ed2abb89ea15f2c7

  • SSDEEP

    12288:v2iNWQJsgW2DuJ/lwmz4aidxGcX6J+1mW8e6XR78jmepZ12os43xmI8HSQ+3VH32:v1GgWuuJ/Gmz4air8Y0e6NdKZEb

  Score

  10^/10

  redline491discoveryinfostealerspywarestealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2