Extracted

• • Target

    20a4b56083fac4865a31e9ea8bbbc3d8ec039e1003b259dec5ed0af02efc44dd

  • Size

    118KB

  • MD5

    e1947e28f48c9933a57114625e82f736

  • SHA1

    db064fbb7d772a64523869fc483dd2e15e4fbd96

  • SHA256

    20a4b56083fac4865a31e9ea8bbbc3d8ec039e1003b259dec5ed0af02efc44dd

  • SHA512

    72bc70055b42d81c4bfa148713bdf75e3f592623c2ec940cad2f42f99e8422920f1575e1352556ae4b5e2ded19ebaffa4297ad5bc8983e40fcd95ac9e7ab38c1

  • SSDEEP

    3072:Oi+kLrwSKERCGDcmVdvSExID/8K2xuNE7PA7d6F:OJp+dvSExID0XxFo

  Score

  10^/10

  redline7001210066discoveryinfostealerspywarestealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of SetThreadContext

  behavioral1behavioral2