Extracted

• • Target

    FkJbps6Srrl6lOQ9M_l8dpw2.exe

  • Size

    509KB

  • MD5

    b8e1a18940a4b5f002bbf04f334ee02a

  • SHA1

    85c3076aad3bed20ecdf94d50d4937132b7788e6

  • SHA256

    3a46d11a2fe4b8e7e91c0771bbd86de9c22d634ae09278f7739e57ff9725f896

  • SHA512

    1f3e237b9b9228cabd5a1469d29b5bbc934928502cb5c0427a002d9846c8582574c8d7a4441e321e696732b8b2bf79b779b2f050037c02a53aa8c155fa434d86

  • SSDEEP

    12288:q88sCGxeImxxbTuylGHljSEqFT/fYUA3BVyt0I4ZCdf:q9rGxDmxxbToHljoffA3BVGmkf

  Score

  10^/10

  discoveryredlinelogsdiller cloud (tg: @logsdillabot)credential_accessinfostealerspywarestealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2