General

  • Target

    7be5b7f03ab97a236369abf33d5dbd7f41c136ff9addc8e2fc02268d9e2c850a

  • Size

    314KB

  • Sample

    240507-21tkdsda4x

  • MD5

    e4d0e6f29ed7bee031e78710ce11360d

  • SHA1

    ed44b86a4e09d19ebaeba0dc135c3c0f70c1f5f3

  • SHA256

    7be5b7f03ab97a236369abf33d5dbd7f41c136ff9addc8e2fc02268d9e2c850a

  • SHA512

    89c9d89fb8167a64f551a027442e15e89692dac97ce7b9114a22ab26bc085a42a4c20a3b4146f1592c5e47299905364c27be8a17fd9739d4447bfb6633fca81e

  • SSDEEP

    6144:N5npI60nbM8uPZy3+8KIDRBu+mv+zsl+GoSjOaXHS:jn+60nbnu+B7zsDzjLHS

Malware Config

Extracted

Family

redline

Botnet

5637482599

C2

https://pastebin.com/raw/NgsUAPya
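The C2 value above is not a command-and-control server but a raw paste on a legitimate hosting service, the dead-drop resolver pattern (ATT&CK T1102.001). What a defender wants from this config is the paste ID to pivot on and a way to spot the same fetch in egress logs. The following is an added example, not tria.ge code and not part of this report: it hashes a candidate file so the sample can be confirmed against the report before any further handling, classifies URLs by whether they hit a raw-paste path (the 8-character ID pattern for pastebin.com is an assumption based on observed paste IDs), and runs that over a few constructed proxy log lines in an assumed "timestamp src method url status" format.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied from the report above.
REPORT = {
    "sha256": "7be5b7f03ab97a236369abf33d5dbd7f41c136ff9addc8e2fc02268d9e2c850a",
    "c2": "https://pastebin.com/raw/NgsUAPya",
}

# Raw-paste URL shapes. /raw/ is what a bot requests; a person in a browser
# normally loads the rendered page, so the rendered path is lower confidence.
# Only pastebin.com is in this report; the 8-char ID pattern is an assumption.
RAW_PASTE = {"pastebin.com": re.compile(r"^/raw/(?P<id>[A-Za-z0-9]{8})$")}
VIEW_PASTE = {"pastebin.com": re.compile(r"^/(?P<id>[A-Za-z0-9]{8})$")}


def digests(data):
    """Hashes in the same set the report lists, for confirming a sample on disk."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256", "sha512")}


def is_report_sample(data):
    return digests(data)["sha256"] == REPORT["sha256"]


def classify_url(url):
    """Return (confidence, paste_id) for a paste URL, or None for anything else."""
    u = urlsplit(url)
    host = u.hostname or ""
    for table, conf in ((RAW_PASTE, "high"), (VIEW_PASTE, "low")):
        rx = table.get(host)
        if rx:
            m = rx.match(u.path)
            if m:
                return conf, m.group("id")
    return None


def known_c2_id():
    """The paste ID from the extracted config, the indicator to pivot on."""
    return classify_url(REPORT["c2"])[1]


# Constructed proxy log lines (not captured traffic): "<ts> <src> <method> <url> <status>".
LOG = """\
2024-05-07T21:33:12Z 10.0.0.15 GET https://pastebin.com/raw/NgsUAPya 200
2024-05-07T21:33:40Z 10.0.0.15 GET https://pastebin.com/raw/NgsUAPya 200
2024-05-07T21:35:02Z 10.0.0.23 GET https://pastebin.com/ 200
2024-05-07T21:36:19Z 10.0.0.23 GET https://pastebin.com/Ab12Cd34 200
2024-05-07T21:37:01Z 10.0.0.40 GET https://pastebin.com/raw/zzZZ0000 404
"""
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def scan_proxy_log(lines):
    """Flag paste fetches; a hit on the report's paste ID is marked confirmed.
    The pastebin.com front page is not a paste and is not reported."""
    want = known_c2_id()
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts, src, _method, url, status = m.groups()
        hit = classify_url(url)
        if not hit:
            continue
        conf, paste_id = hit
        findings.append({
            "ts": ts, "src": src, "url": url, "status": status, "paste_id": paste_id,
            "confidence": "confirmed" if paste_id == want else conf,
        })
    return findings


if __name__ == "__main__":
    for f in scan_proxy_log(LOG.splitlines()):
        print(f["confidence"], f["src"], f["url"])
```

Blocking pastebin.com outright is rarely an option; the useful controls are alerting on raw-paste fetches from hosts that have no business making them, and tracking the paste ID, since the operator can change the real C2 behind it without touching the sample.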

Targets

    • Target

      7be5b7f03ab97a236369abf33d5dbd7f41c136ff9addc8e2fc02268d9e2c850a

    • Size

      314KB

    • MD5

      e4d0e6f29ed7bee031e78710ce11360d

    • SHA1

      ed44b86a4e09d19ebaeba0dc135c3c0f70c1f5f3

    • SHA256

      7be5b7f03ab97a236369abf33d5dbd7f41c136ff9addc8e2fc02268d9e2c850a

    • SHA512

      89c9d89fb8167a64f551a027442e15e89692dac97ce7b9114a22ab26bc085a42a4c20a3b4146f1592c5e47299905364c27be8a17fd9739d4447bfb6633fca81e

    • SSDEEP

      6144:N5npI60nbM8uPZy3+8KIDRBu+mv+zsl+GoSjOaXHS:jn+60nbnu+B7zsDzjLHS

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, autofill entries and session tokens.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node and HKCU counterparts) to enumerate installed software on the system; RedLine reports this inventory alongside the stolen data.

    • Legitimate hosting services abused for malware hosting/C2

      The extracted C2 above is a raw pastebin.com URL. RedLine configs commonly carry such a paste as a dead-drop resolver (ATT&CK T1102.001): the bot fetches the paste and reads the real C2 host and port from it, so the paste ID, not pastebin.com itself, is the indicator to pivot on.

    • Suspicious use of SetThreadContext

      Setting the context of a thread in another process, typically one created suspended, is the step of process hollowing where execution is redirected into the payload written into that process. A process setting the context of its own threads is common and is not what this signature targets.
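The behaviours listed above are the kind of thing a sandbox derives from an API-call trace. The following is an added example, not tria.ge's signature engine and not code from this sample: a small rule engine over a constructed API log (the format, process names and paths are illustrative and not taken from this sample's run) that reports the remote SetThreadContext pattern as process hollowing when it follows a CREATE_SUSPENDED process creation and a memory write from the same caller, ignores SetThreadContext on the caller's own thread, and flags browser credential store, wallet file and Uninstall-key accesses.

```python
import re
from collections import defaultdict

# Constructed trace, not real sandbox output. One call per line:
#   "<pid> <tid> <api>(<k=v>, ...) [-> <k=v>, ...]"
TRACE = r"""
1234 1 CreateProcessW(app="C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe", flags=0x4) -> pid=2222, tid=5
1234 1 NtUnmapViewOfSection(pid=2222)
1234 1 WriteProcessMemory(pid=2222, addr=0x400000, size=0x4c000)
1234 1 SetThreadContext(pid=2222, tid=5)
1234 1 ResumeThread(pid=2222, tid=5)
2222 5 CreateFileW(path="C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data")
2222 5 CreateFileW(path="C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\seed.seco")
2222 5 RegOpenKeyExW(key="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall")
2222 5 SetThreadContext(pid=2222, tid=5)
"""

LINE_RE = re.compile(r"^(\d+) (\d+) (\w+)\((.*?)\)(?: -> (.*))?$")
ARG_RE = re.compile(r'(\w+)=("([^"]*)"|[^,]+)')

CREATE_SUSPENDED = 0x4
# Path fragments of browser credential/cookie stores and wallet files (illustrative set).
BROWSER_STORES = ("\\login data", "\\web data", "\\cookies", "\\logins.json", "\\key4.db")
WALLET_MARKERS = ("wallet.dat", "exodus.wallet", "\\electrum\\wallets", "\\ethereum\\keystore")


def parse_args(s):
    out = {}
    for m in ARG_RE.finditer(s or ""):
        out[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(2).strip()
    return out


def parse_trace(text):
    events = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        pid, tid, api, args, ret = m.groups()
        events.append({"pid": int(pid), "tid": int(tid), "api": api,
                       "args": parse_args(args), "ret": parse_args(ret)})
    return events


def run_signatures(events):
    """Return (rule, pid, detail) tuples in trace order."""
    findings = []
    suspended = {}               # child pid -> creator pid, for CREATE_SUSPENDED children
    written = defaultdict(set)   # target pid -> pids that wrote into it
    for ev in events:
        api, a, pid = ev["api"], ev["args"], ev["pid"]
        if api == "CreateProcessW" and int(a.get("flags", "0"), 16) & CREATE_SUSPENDED:
            suspended[int(ev["ret"]["pid"])] = pid
        elif api == "WriteProcessMemory" and int(a["pid"]) != pid:
            written[int(a["pid"])].add(pid)
        elif api == "SetThreadContext":
            target = int(a["pid"])
            if target == pid:
                continue  # own thread: exception handling, debuggers; not reported
            detail = f"pid {pid} set thread context in pid {target}"
            if target in suspended and pid in written[target]:
                findings.append(("process_hollowing", pid, detail + " after suspended create and memory write"))
            else:
                findings.append(("remote_setthreadcontext", pid, detail))
        elif api == "CreateFileW":
            p = a.get("path", "").lower()
            if any(mk in p for mk in BROWSER_STORES):
                findings.append(("browser_credential_store", pid, a["path"]))
            if any(mk in p for mk in WALLET_MARKERS):
                findings.append(("crypto_wallet_access", pid, a["path"]))
        elif api == "RegOpenKeyExW":
            if a.get("key", "").lower().endswith("currentversion\\uninstall"):
                findings.append(("installed_software_enum", pid, a["key"]))
    return findings


if __name__ == "__main__":
    for rule, pid, detail in run_signatures(parse_trace(TRACE)):
        print(f"{rule:26} pid={pid} {detail}")
```

The hollowing rule keys on the relationship between calls rather than on SetThreadContext alone, which is why the final self-targeted call in the trace produces nothing; a remote SetThreadContext with no prior write is still reported, at lower confidence, as the generic signature above does.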

MITRE ATT&CK Enterprise v15

Tasks