Extracted

• • Target

    file

  • Size

    2.1MB

  • MD5

    d1433f5b2eada044678af57d87ee31e5

  • SHA1

    0493152ee8d18335fa5043be0f80d12331f2ea00

  • SHA256

    95702883e883a7fa3f7f20ecf6713b03cd00469644d777b73f36351db97ef3c2

  • SHA512

    80dcff2d4e4001d8adb4eff0963921e4335c80bde476492996e74762918663bc84627ae9ca73023f75f799143d3101939ce0a599fafa164f9750481e4bb680c2

  • SSDEEP

    49152:V5OaOl3UYvrbFueD40EJbAXOUghn/WsAXZ//t:V59Q3UYvrBusTM8OUgNLY

  Score

  10^/10

  redlinelogsdiller cloud (tg: @logsdillabot)infostealerspyware

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Suspicious use of SetThreadContext

  behavioral1behavioral2