Extracted

• • Target

    NEAS.f9861304835d7d37cc9bd191d3d42e825801d7f60569c5d10bffb4ed951bc42d_JC.exe

  • Size

    1.2MB

  • MD5

    607a1754f40a4308c3da03fc73bc177f

  • SHA1

    3234130ca6446ef74f74a930abcf186946b1733a

  • SHA256

    f9861304835d7d37cc9bd191d3d42e825801d7f60569c5d10bffb4ed951bc42d

  • SHA512

    6a94ac31bde01e1b4920b4c17160971f60fbc39969122e4047640116111d456e33bc701626f15b3352cefe0aefce0a85ef882be435a23c74108a6b24aee13a87

  • SSDEEP

    24576:ZyXIQqQEE3fPEuvH3aaCch1a59jVMcN3WDsiEdOeHoX8X2K/VlWb:MX7PFh1a55GcNmbuOeIM

  Score

  10^/10

  persistenceredlinelutyrinfostealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2