General

  • Target

    a07cf26bb05c3082d325b77631ab06b20c75c1875dea9c4425f72a9d27556772

  • Size

    118KB

  • Sample

    240507-dgtjaaab44

  • MD5

    5193656a43b3ae0c025ff3e583166436

  • SHA1

    27d8aa97cf5c12f41a52506b38f994a349d66321

  • SHA256

    a07cf26bb05c3082d325b77631ab06b20c75c1875dea9c4425f72a9d27556772

  • SHA512

    a06e90ddd2852cc3e5ac686e21550abbab5eaf4ce66ea28476f731e32a3459864ec478200083d26cee0a41b68d0f921b80cfec78046985d7b6d23060b3f5af6d

  • SSDEEP

    1536:wVCOjc5iKqGqKAO1VWV8bee4fljzuXppO7Nw16qf4u+G/yxSR3bgwxW9kUtxttt0:Br5ivGqgHWy8flz6PAWdRrtxWJoqUIo

Malware Config

Extracted

Family

redline

Botnet

708370717

C2

https://pastebin.com/raw/KE5Mft0T

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
