Extracted

• • Target

    92fbd52b8ff0bb08f29ca970c6cd0e51488c8bc956e86a40fbf6a9a173ecaa76

  • Size

    724KB

  • MD5

    deb0f3b739c1833a249a5d2f6f85d787

  • SHA1

    0b7fe66a2d4ccd0ff6762a771a5e1959715a6674

  • SHA256

    92fbd52b8ff0bb08f29ca970c6cd0e51488c8bc956e86a40fbf6a9a173ecaa76

  • SHA512

    3225b1d791805b718739573aec80486a6627fe50822e62b1232b8343bbb5f43ccf3989563afb60258498527a57a169048634dd740ee0200d42cbc3561f2160db

  • SSDEEP

    12288:kMrMy90scq0F2XbX2O1GN2yNvX88vdRIPIObrKCA5EIhAC5HiHn:Yyyq0F2XbGOGN2yp88vdRIwBtOIhg

  Score

  10^/10

  redlinefusadiscoveryinfostealerpersistencespywarestealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1