Extracted

• • Target

    f9a74c4f0566f6f2095cb8224c2e76adcbae051a1d0b649e0af3eccb1d468787

  • Size

    838KB

  • MD5

    8d6b247e8d3fb7f100eb8695b4acaf77

  • SHA1

    03844f5ca6a7f9203825724ac4e32ccb369b31b3

  • SHA256

    f9a74c4f0566f6f2095cb8224c2e76adcbae051a1d0b649e0af3eccb1d468787

  • SHA512

    ea374fb0007f0021b455d7c80bcf74fb77250fe330164932ee33a6c2430c255ee8ff5ee1a6f89679c22e0347873f8714a044101ff3402c8f6230f9f748e82db9

  • SSDEEP

    12288:YMrPy90m6K8CXPSdLcidfTYCO+rOnbtRwTHakPutNp16eYLU3HSEdAgCC:3yJ6PCGc2f7O+YpRM6quPrHwcRCC

  Score

  10^/10

  redlinecrypt1infostealerpersistencespyware

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1