Extracted

• • Target

    8ff3039072ecb32c50f446d6857aceef55547486f0572fe70feb5b1fa4c4727a.exe

  • Size

    279KB

  • MD5

    d0cce7870080bd889dba1f4cfd2b3b26

  • SHA1

    a973389aa0908d7b56115aff9cd4878fbd9381f9

  • SHA256

    8ff3039072ecb32c50f446d6857aceef55547486f0572fe70feb5b1fa4c4727a

  • SHA512

    5fde0ed0ad44569d290972f336d0ca29c38f49bacefe7ba974cbb17d6db7a1a57a8e4f8618f438820c2ff386a6b9c5b8b702c24ee8718cae51379d1566729548

  • SSDEEP

    6144:imUMliX/k5k646sOcT86ISrQdoBX67Hgo2TWD:AMl6Y/fyQdWeHgo2a

  Score

  10^/10

  persistenceredlinediamotrixdiscoveryinfostealerpyinstallerspywarestealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Downloads MZ/PE file

  • Drops file in Drivers directory

  • Drops startup file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2