Extracted

Extracted

• • Target

    02c7fb25d7187c733d0d9a05ef52c6eb9e4a63134531aa207110a9a0cb2fab15

  • Size

    519KB

  • MD5

    0df83489d4eb4ebad16b438ada72977c

  • SHA1

    c46b30f7c13df06e87be225938e678abfc728bab

  • SHA256

    02c7fb25d7187c733d0d9a05ef52c6eb9e4a63134531aa207110a9a0cb2fab15

  • SHA512

    7804b3a7a5a16e432a9375cd8940a22ff212a984364f38622b50a4a8af9ec452ee72962fb24a542ec24a09c689ea54aa189795bf01b52344ac78c9fd8e5c1d42

  • SSDEEP

    12288:sMrey90RarJUF6sxWhEt1S/Fo4aZ4iq/NQcKFl:ay7rJUFx89FLaZK4l

  Score

  10^/10

  redlinecryptromkadiscoveryinfostealerpersistencespywarestealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1