Extracted

• • Target

    e8b9cbe943b030010dc976ca280bd3168842fb7a002e268fddcec137fede1be1.exe

  • Size

    473KB

  • MD5

    0218a6e9bf2d89920d0b259187009ee9

  • SHA1

    21fddda558c7560fbed27d57bc5a1fc0b10d304b

  • SHA256

    e8b9cbe943b030010dc976ca280bd3168842fb7a002e268fddcec137fede1be1

  • SHA512

    c8f02dc22a6081d85d3437d4a0f17641e17e7b87f5abe0d3e0c4160d68449043ea267d074b419d8340145037c02f8effde5e490fd9116a17e435bded67273605

  • SSDEEP

    3072:HA0tnblO9c+OzM52LsbfbujzJ8KFnyMxs589kIMRqfjDv/YiBihA1NbBOS:bauzxLsbfS5jx48hMRqfjD4iBih+

  Score

  10^/10

  redlineemploymentdiscoveryinfostealerspywarestealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Detects executables packed with unregistered version of .NET Reactor

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1behavioral2