Extracted

• • Target

    7c391dbf07a9a106095096a715a8a2062b4919d50ad55264c7ae14cbe099d6c1

  • Size

    929KB

  • MD5

    87b5847eee46b547fb1e8d4aafbd1b08

  • SHA1

    1954752584415c8fbf4472b8a8d55cc695745025

  • SHA256

    7c391dbf07a9a106095096a715a8a2062b4919d50ad55264c7ae14cbe099d6c1

  • SHA512

    f771bb9a3693443d8c1fb64f481f94bc2de0554d78463b5acc0c13f22f19324a2aa1dba32cfc9d3b2d800e50231d0bec786e3e1e8af271ede297e6e951ee3c6c

  • SSDEEP

    24576:7y4T3tZcwjg/Ok4AHtC4tBP/GV6KXkEBpGqo80tOIgYlj:uo3tRjg2k46tPGOhL

  Score

  10^/10

  persistenceredlinetuxiuinfostealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2