Extracted

• • Target

    Setup.exe

  • Size

    238KB

  • MD5

    c913d783de7b3d8af7f333abdab32d59

  • SHA1

    f5a36e0622b482c886aed99ab2ec75f391db4f9c

  • SHA256

    e31cd4a352c3550c113a4b3a15646688afd2e92d9f7cf0e23e147203da08d173

  • SHA512

    4825018c0e74a3cad0bfe53afc459b95ad658f13505f92291d8aa628cb6c7521a9d5097919bbccb4d850500ba3f4734d1dc528c89b81204b8384010328c9cab1

  • SSDEEP

    6144:jf/8Rlc0jWtxg3FSwC76VtloLQnfbUyz24q9v:jylrsxg3FSwC76VfHp2/l

  Score

  10^/10

  redline@prsvt6666infostealerspywarestealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Legitimate hosting services abused for malware hosting/C2

  behavioral1behavioral2