Extracted

• • Target

    0ccf8b8966f99eb6a6bc323561701bc6f2f7263013affd398024119451a5a970

  • Size

    578KB

  • MD5

    bb1ba9be03ff408727d807a41ec12386

  • SHA1

    944697789e2978114710ad08670633983ba163ad

  • SHA256

    0ccf8b8966f99eb6a6bc323561701bc6f2f7263013affd398024119451a5a970

  • SHA512

    cee4fe9f1e273a86badd859388f5d462915a92f5e7fb1a69b3d2853eced3291f29f0f7fa9e8f6b81a66e48d374b9d6c70ec6ff730e3159e7a7e5f8098fa81ab6

  • SSDEEP

    12288:bMrZy908kke83f3qTEBVy33Dr1GtTiHCy+UIUig4:2yhvDyjuiHCsig4

  Score

  10^/10

  redlinedoxadiscoveryinfostealerpersistencespywarestealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1