General

  • Target: 266dcd60a74cdf15635fdec1a13b7db2048117b2a7016d4718323427e319900e
  • Size: 267KB
  • Sample: 240509-ebjbssgh4t
  • MD5: 445e1c90a0a4f04a5340e4e6f52541b1
  • SHA1: 687b0b899e0f05f6985203a96627f34aa5d59e66
  • SHA256: 266dcd60a74cdf15635fdec1a13b7db2048117b2a7016d4718323427e319900e
  • SHA512: 89717dbcb98edf4f140fca08fb58e8989f9065bfa36f9bdeeeb779192d34a68cd39347e33acf9c6500bd79e6f8ac1f235c5ad60c62b92d5a0e95f61a6c8c5182
  • SSDEEP: 6144:XDOllhS4qdxjPxUUs5v9pm/q6qCAjJd7aOyhtmmKU:TU/SNRGmS6qCsaOaKU

Malware Config

Extracted

  • Family: redline
  • Botnet: 5637482599
  • C2: https://pastebin.com/raw/NgsUAPya

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks