Extracted

• • Target

    47d0414f022c7f0fe5d1a1276b4759fba16ed350b636fb25ca167049f82de46a

  • Size

    1.1MB

  • MD5

    dcc50df94a2741682e1899444e81ebeb

  • SHA1

    7b8b68244aa04e36b9a85e78d306b9dafccbf33b

  • SHA256

    47d0414f022c7f0fe5d1a1276b4759fba16ed350b636fb25ca167049f82de46a

  • SHA512

    6764c83c26717ec2af28c1dc758404583233bc6eba9483a92c9d94d814b35f4bcb0a09bac146b569a876adf79a299228ef8e1ba49f5c12a1e7eb78696f11def8

  • SSDEEP

    12288:WZLxMjbRoaZei8jhA9iH9x6y0BFKhTZvF9+mKe5OLfaY2X1R7RIsEPYsulocuvMp:aWjFoaZeDhA9iH9r08vSaYoRsPYB3a/Y

  Score

  10^/10

  redlineinstalls3000_20231023infostealerspyware

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Uses the VBS compiler for execution

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Suspicious use of SetThreadContext

  behavioral1behavioral2