Extracted

• • Target

    file.exe

  • Size

    25KB

  • MD5

    031377e4e34dcd19917fac02ff6da79f

  • SHA1

    0fcccffee83cbb77a87ca1b55abc8e18fb267afc

  • SHA256

    d58061a43df6b63e97421904c066ed5ad4b87a3733c250e105e83bc7154d9414

  • SHA512

    f682a314a74dad1269dc1d948dc0c4773eb08e76ab364c3d5a9893577395126e5a409fca18cab24378e95fa71b8d96e20ad22e644275daf3f997edf8592da5c4

  • SSDEEP

    384:jduHBY6QtYnfd6unCuUe1v5NFWJKtEBHx5fyf9SdsPDhxWBtIBLAKhm38fARlQWy:jduH/v1v5NxffIdIfDBtfARl/

  Score

  10^/10

  redlinediamotrixdiscoveryinfostealerpersistencepyinstallerspywarestealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2