Extracted

• • Target

    file.exe

  • Size

    314KB

  • MD5

    724a304d92c8e4920afbc604d34ad74a

  • SHA1

    311a20ea19ff1be6f3fe2e9858992152430faea2

  • SHA256

    5c3058217a873a3393cf4b033ade3717e25c1d1cee2cc44c79e92fa8b9a73c38

  • SHA512

    3a0d1b199bb17057d2f67a0d44dc7dd98559570b9ec4ba5c331e683116be283052d75d4154602d93edb1afcf94d7f464a4dd4d05a99524cab3209e6b14f3c9e6

  • SSDEEP

    6144:CTnxNdwRsC6ICw1CSgeaL07RtmRjqajRGVD8xcDWraF0yFbrbVuF:CtNdwRsCQiIec0t8jqajRJFmF0yFRuF

  Score

  10^/10

  redlinelogsdiller cloud (tg: @logsdillabot)credential_accessdiscoveryinfostealerspywarestealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2