General

  • Target

    ddfc10c0c7bc80e272f955267dd2a49873be091d1ba1572a8a643113f80d7f16.exe

  • Size

    118KB

  • Sample

    240507-b8b27sfh96

  • MD5

    54631141f64bead77a1e8ea8e350816c

  • SHA1

    8a33e657672ff70d66381d04a1502d031056fe56

  • SHA256

    ddfc10c0c7bc80e272f955267dd2a49873be091d1ba1572a8a643113f80d7f16

  • SHA512

    6dab8cbebacab7567accaf41aff4ffe94efad518acbb05c47ba0a52a84ae276d2994a2dd17a04fbd27bf850e5b46b724eed46892ec4d21d78613bc7f96e0a21d

  • SSDEEP

    3072:Wf9le6zJO6kY8u+NnKqPWUUmjeV+PDIw8ne:WfMY8u+NKgtLiV+5

Malware Config

Extracted

Family

redline

Botnet

5345987420

C2

https://pastebin.com/raw/KE5Mft0T

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks