Extracted

• • Target

    1634b65f8e3942bbb06b6c0c3685e42d6cb0f8681f9cf1fba21b78277e3b20ba

  • Size

    929KB

  • MD5

    76b3a40fd758959fec86fd5a4c865b50

  • SHA1

    f4f223739a155d32e88b6289a2a6c501e066340a

  • SHA256

    1634b65f8e3942bbb06b6c0c3685e42d6cb0f8681f9cf1fba21b78277e3b20ba

  • SHA512

    3eddf821e0acc072caf7db042db5875081240c2ec3cf520d062ecb2568736d0cbd54c7b93d1cda9f3bba13778e2982f6086e0839a7b3934bc8e8403de85aafcc

  • SSDEEP

    12288:pMrey90iklQJ7PNUZ+wAeUhY2Tsy0VOcxQc41lfeQ83DE1nYeA7s6BrWRYso2VHp:byZkGJG+HluvxQDeQ5us6p5+IE6nEjV

  Score

  10^/10

  redlineluskainfostealerpersistence

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1