Extracted

• • Target

    29a808de2d82612a27d0ffb5a6505a90e0884d8ea332a282847d7da04f52b5f1

  • Size

    785KB

  • MD5

    d6e9e86e003086022805cd59d1a406bd

  • SHA1

    514a4aaa1d1a0577fb1f84ff5d36cba8ea9619ea

  • SHA256

    29a808de2d82612a27d0ffb5a6505a90e0884d8ea332a282847d7da04f52b5f1

  • SHA512

    bff9b88db4187f31f1aa4f405d676df909eacf5ad48a9f413278e2fdc656e735c0ab265f0f4cdc87b8885d15109ffc7cfca071faca9352988ec2a6f0afb36ac9

  • SSDEEP

    1536:Wrae78zjORCDGwfdCSog01313os5gP2DKPJY8rPf128M+ZtgTr2u92PUmqIf0O0Q:uahKyd2n31x5BuIZ7T9vGPr

  Score

  10^/10

  persistenceredlinebethoveninfostealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Adds Run key to start application

    persistence
  behavioral1behavioral2