Unpacker and Config Extractor for managed Redline Stealer payloads
Greenline.exe <path> [--config-only]
Greenline will by default unpack Redline Stealers string obfuscation, if you only want the config use the --config-only
argument after the path to your binary.
Greenline will unpack string obfuscation like this back to a readable form like this.
Greenline also automatically extracts the config of RedLine Stealer
If you want a more detailed explanation of how this tool works check out my blog post