Extracted

• • Target

    file.exe

  • Size

    323KB

  • MD5

    a0c6989730b44ee30722feccd86d946b

  • SHA1

    4ef62e701352c7dfdf0807460dc4bb3c22be67f0

  • SHA256

    5669998000fdc457a919dea600b100809d0bb5681cbca6a67b544307233b5915

  • SHA512

    e5c622f22ad40cddae798853d40af4695a37bd75624193c0181504a3ac2a28c146339bf06ae0110a995c90bdfcaab9a3072e18a7f610cbed24d5b1d028fc5eba

  • SSDEEP

    6144:KF0iDT0uzcvXjGQfp1Shf0J4eKC+2Lojfckt6QLniqtBZ2AWwZB24kAscHjs34ha:KF0iPDcffXLqdtpLiqtBZ2AdLdkAssjA

  Score

  10^/10

  redlinelogsdiller cloud (tg: @logsdillabot)credential_accessdiscoveryinfostealerspywarestealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Credentials from Password Stores: Credentials from Web Browsers

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2