Extracted

• • Target

    31f5db3ad77f56faed3626b11b0b89a6f679a8e1eca3df7f2bc88b4ed8416c59

  • Size

    315KB

  • MD5

    b80077485070b0ba2dda8608b4ebb990

  • SHA1

    af0d52e4f443e90aea2bd1458c667307e2ff6559

  • SHA256

    31f5db3ad77f56faed3626b11b0b89a6f679a8e1eca3df7f2bc88b4ed8416c59

  • SHA512

    ea1cc593af9afb110f66b41cf47b977a03f283092b46ea957ef3d93121bd36b8b9eb7a2afc0c07f1bed381b493a1cda5531c39c4876bd81fe9ceb1834a1e95a0

  • SSDEEP

    6144:3T9pI60nbM8uPZy3+8KIDBFuoaTPJKLHnF528d2aGgvZkXHS:j9+60nbnuOFLCPClsAwHS

  Score

  10^/10

  redline5345987420discoveryinfostealerspywarestealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Legitimate hosting services abused for malware hosting/C2

  • Suspicious use of SetThreadContext

  behavioral1behavioral2