Extracted

• • Target

    33cec66f6f78eaa22b42f9eb07f942c259bf96600af5c7ba1a3e1c0a9ed664b8

  • Size

    928KB

  • MD5

    60826a5b96852dc33380390c79ab962e

  • SHA1

    84efd7a0bf21e63f3facb83296fc6bdb7f26eb44

  • SHA256

    33cec66f6f78eaa22b42f9eb07f942c259bf96600af5c7ba1a3e1c0a9ed664b8

  • SHA512

    7a24fd6c1d4e1c0e1f82162f56f538c9b45bd81b12b215f46dc50fa2976684478838c40ed333ca15a08f952b3f4811f43235d22b67a09bd98127a9be7fe83021

  • SSDEEP

    24576:4yCIBjL08DJ41Kt5xBw941w8MyLZEZ18sVc6:/CIBjLFFBAbqSIY

  Score

  10^/10

  persistenceredlinetuxiuinfostealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2