General

  • Target

    file

  • Size

    482KB

  • Sample

    240123-q1771abef9

  • MD5

    78816926d26a0a3aec43cdc3c4956ab8

  • SHA1

    809e335d6002b6f32b162a00a51fd2332e8f8a79

  • SHA256

    accf49b74c6162e418771f5820d677a54d4e9a3ba46d2c39c1053193afb6c035

  • SHA512

    b0a57ffbf8316fadbdfb8569fcea3e0992cc96463cfe1d59419c65677c2920835da18beef8427e7a31b0350266978de80a2b880a3cfb458ce8ac2fec23b2b22f

  • SSDEEP

    12288:/h18k70TnvjcEei6HfyVz9ZetuMH1TA43rP7tyQz:sk70TrcvHKbZcmy4Qz

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (Telegram: @logsdillabot)

C2

45.15.156.60:12050

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • .NET Reactor protector

      Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext
