Extracted

• • Target

    b54f109fdd7559726fdf897fdb192ec5c39c900a649d7264eec99a7b65d196b9

  • Size

    957KB

  • MD5

    6520b14d7c38eaaffa52e8ecdd2d6f03

  • SHA1

    e61f68864943268e7df6cd9f6d5b7b7983320f02

  • SHA256

    b54f109fdd7559726fdf897fdb192ec5c39c900a649d7264eec99a7b65d196b9

  • SHA512

    5c777774f22c36e6ef89dbfa8d8407a08b50b882e6fcd8cb790280c6e7b41a877547b293eff716e99c030014ae4c7e618157b31a15cfc3f821dff8fcfe53849e

  • SSDEEP

    24576:Oydsmz9uIixo5EwU+3c+9cNYu+AFt7J9iq4knFZZ7XKTh:dWEbixMEwUxOcx+AFtNllK

  Score

  10^/10

  persistenceredlinetuxiuinfostealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2