Extracted

• • Target

    18c8f1c5db34b174b15992df9f5fafdc713ff6a3735f2faf3fe1960796264cc7

  • Size

    267KB

  • MD5

    4fff2165cee344d3ec592cb8eb996ebf

  • SHA1

    35f08b5eeb750a369c07ac091af95a1542cac5fc

  • SHA256

    18c8f1c5db34b174b15992df9f5fafdc713ff6a3735f2faf3fe1960796264cc7

  • SHA512

    0fbf87ef94f8505a4133b0526b0fd631e0cdcc94e5ca16bbb3e091470d4747caae6a7ffe66732b84cff44c72f0e320bcc179344aaab040023d991b283b99c738

  • SSDEEP

    6144:YsOllhS4qdxjPxUUsE8q6mg0hvLvADBD/YGXQ8BKmmKU:PU/SNRoGLV07BXxBwKU

  Score

  10^/10

  redline5637482599discoveryinfostealerspywarestealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of SetThreadContext

  behavioral1behavioral2