Extracted

• • Target

    7ec6934c2dfcacc46eafa6197a5620578e01bebebd8930866af0533bc9f3ad57

  • Size

    1.5MB

  • MD5

    266038a585e5b2d0984615b7522ea1f5

  • SHA1

    e790f5597b8f9046366cda5228003155acfd768c

  • SHA256

    7ec6934c2dfcacc46eafa6197a5620578e01bebebd8930866af0533bc9f3ad57

  • SHA512

    524f359b6ff2493540c723ef17bbf1ed039831fa74df2ed6eb86b62f5e39e327ef9a37bf5026175a1d17a3015cb0f9eaf5876a14e42dc63939647e5e885f61ca

  • SSDEEP

    24576:sy8UCA4G6ExGECPrOakbFAaRFsoq+sK9MiH8KLru4q9Lk0AbZgCy8:b8UR3rxGpiakbn/rsK9J8KLru4Uk3lq

  Score

  10^/10

  redlinegigantinfostealerpersistence

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1