Extracted

• • Target

    ku142932.exe

  • Size

    386KB

  • MD5

    cd2b5a7d7a4e918725a07c42fb34706b

  • SHA1

    6fc73eeeaa8cb00ea3ce516853431e42f18c1b4a

  • SHA256

    d10c7501dd8bd2476df4dd0e68a5d3890340528238ef2d225a942fbd683880ec

  • SHA512

    4252e3537f506c1a02920376d0604e33ac7454993ce865aee4d5965437e07bd937c9b7351dbd9cce3fd3373790136f060c6b08f1729ba9ca0f3d8f5ae7d0da43

  • SSDEEP

    6144:NGvZXQ8LX4Kfu0Ufv5OdWlGoyrLUxE8jEAe1va:YvZXQ8X4KWIdWko/u8jEAec

  Score

  10^/10

  redlineborisdiscoveryinfostealerspywarestealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2