Extracted

• • Target

    7048e3a317565c358dcbf27b24abaa39.exe

  • Size

    1.1MB

  • MD5

    7048e3a317565c358dcbf27b24abaa39

  • SHA1

    d847e157c186765ba54d856a3feee9af9fb5ca6b

  • SHA256

    dc104af3263fc87bbfb9002f805de324e608ed2a8ba8d127365e09d3d3bdbf99

  • SHA512

    da7a4271a6c89b644e418d212cbb3b955018f64720b64d34d8ca21e0a8eee1dcce6f7aac31200d9c1b13a512551271f74e8933aaecc79cc839e75ad75c12de16

  • SSDEEP

    24576:PfYsg64i1TqRNfRpoxg/+ANtg6xXLCqmANmlHj:PfP/tqrRsg/+qtgPAQF

  Score

  10^/10

  redlineexplorerdiscoveryinfostealerspywarestealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2