General

  • Target

    efed91ccf386c9b8115ab66e40af300619081cc033184d10f7f081a100445dad

  • Size

    118KB

  • Sample

    240507-nzkzzahc44

  • MD5

    bf58111f2bcc88887ccf6aa6b894bfe2

  • SHA1

    3b1983b94aa4fb41a84a641c9e78377e14003c49

  • SHA256

    efed91ccf386c9b8115ab66e40af300619081cc033184d10f7f081a100445dad

  • SHA512

    a5f0157593a5329aea24ff730115358d88809d22a4100ce52c99ffaad753c80e85e0c3647e1ad5a158b55448175c465ef06a80e22a9f733a4164a898974aef88

  • SSDEEP

    3072:P1V2YgODlGIrfQxwI8lXn0QvtECo0FSCRs:P1V/9GIrf2oXnNtECo0FP

Malware Config

Extracted

Family

redline

Botnet

5637482599

C2

https://pastebin.com/raw/NgsUAPya

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks