Extracted

• • Target

    66561bb14913a1cd899dc375baedc0c1.bin.exe

  • Size

    514KB

  • MD5

    66561bb14913a1cd899dc375baedc0c1

  • SHA1

    281c6863850a9153481aff043ea8be11ac50a451

  • SHA256

    4c6b2a92796f1b86ef518b1af829c22c319471f2bc4b119f6b6ead9607d6e7dc

  • SHA512

    6e7066bc6c04f6f4729f4ad728a905c9d8287ce692669a0b3764a5e297d1006b63d3af725a854a9880d275c2a1e6d5b8a72f71268d3597c384948d93425807f7

  • SSDEEP

    12288:i0Nutyq5ViplmKWKpzfrxTL+R/lqW5OMy:n0ribTWKpzfrZS2W5

  Score

  10^/10

  redlinediscoveryinfostealerspywarestealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2