Extracted

• • Target

    Setup.exe

  • Size

    312KB

  • MD5

    106240ccfdfce3e82f6117157ff56f60

  • SHA1

    699a9e3585f7e0b48be273e5fcb8b056a095715a

  • SHA256

    34616a93cfa34eb97dc6dd5c9f1e8743f1b0345c72bf738178703f37016772e9

  • SHA512

    c1bdf5bf81040d638113d7c1c5e49b1e1af76d91a48a0d88464f501afa78ed22464fa849f5150c3c75eebd27481a1069654301be8e3f838b39c06c42f34d6609

  • SSDEEP

    6144:g/2Ia3q5Iz/YVrORj/aWzW6y9heH7UBm8XcpEuD6BZq:g/ba3ygYVrORjSWPIK7UfwE+qs

  Score

  10^/10

  redline@ebursteamssdiscoveryinfostealerspywarestealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1