Extracted

• • Target

    d56d3b5cb671dfc7da68763f6dca12e3090384641ec1f5fe7965131101a9edaa.exe

  • Size

    310KB

  • MD5

    ee1737d07f6d1cef675e4de129ed8243

  • SHA1

    28b442b16661f61325cc679c8acf1b6baf0c1aee

  • SHA256

    d56d3b5cb671dfc7da68763f6dca12e3090384641ec1f5fe7965131101a9edaa

  • SHA512

    b20c2d6d9694f6642e1356840fbcb62e69ea91beaeb68f69e88d06aa24ca3c631cb85dfac49ef3ed91f56062f45931d07f1f9ff921157fa2ae1fc9b6cbe1c23d

  • SSDEEP

    6144:6BEMVzo7wMSBbkBB1ARI/lcGuc7TNSbTq7SDpDb1KvmfstYuADUX1N:E9oo2ARI/lWuNSHq7wpGgstYuAD

  Score

  10^/10

  redlinediscoveryinfostealerspywarestealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2