Extracted

• • Target

    5a27ad4b60e372164eaab414bac55dcda91f903ab25069594e967267e8812541

  • Size

    724KB

  • MD5

    80d0e74997c1c337805ad05b9aac0c01

  • SHA1

    1c14866a0e97451b922f9c62b88dfbc35d2737a6

  • SHA256

    5a27ad4b60e372164eaab414bac55dcda91f903ab25069594e967267e8812541

  • SHA512

    06a4b59ff6f0808915070cc76e04587d8b418baa7ca81d06c60cde6f3465ad1061d9603b9198a0f5a40583baf68f72bce1580719749e6fb9d06f94d0ce602cc6

  • SSDEEP

    12288:jMrsy90rzRXEiE9vgcfWTDHWSygKPCsQeJMhF9BQfGFA8Elh+C57Rk5Ep:Dyjpvhf0XKPCQQ9GXLlhSK

  Score

  10^/10

  redlinedunmdiscoveryinfostealerpersistencespywarestealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1