Extracted

• • Target

    f499e5db8229de1046c7a342c56951cfa48d056957b50367f1b05e14554ce8c7

  • Size

    928KB

  • MD5

    e9edbae41a141766bfa8d1c6c431c4e0

  • SHA1

    bb8ad42634c95677e092cbe5506b7a60cb210b28

  • SHA256

    f499e5db8229de1046c7a342c56951cfa48d056957b50367f1b05e14554ce8c7

  • SHA512

    998a38525c662e573e7ae038ab8237ac2df8f5f5cf15c6f1de74ae5fcfffcabf68f5f6a615f17679f35a5f24fe319da2eec5fc506aa75664cc7b8f1b8346d5a1

  • SSDEEP

    24576:Sy19lTMRkoysGsJZ6k1nVDaxpvuggwQNZE4j:5lUbysTnznVDaxBhgwQNZE

  Score

  10^/10

  redlinetuxiuinfostealerpersistence

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1