Extracted

• • Target

    9543fe99870dd21ea09ad02decf0d7c578541aa63edfda834aed4099d7bd6043

  • Size

    938KB

  • MD5

    9e63bbc5d0b9b7ea1a487f07d2ea8dce

  • SHA1

    97f2bb652c404705e3a3c3c5d1b670be294cf7f8

  • SHA256

    9543fe99870dd21ea09ad02decf0d7c578541aa63edfda834aed4099d7bd6043

  • SHA512

    7c720ffd65b2a6e98ca533b82669c7bf4f88ff07072f1cb1f5c87d88e7c18bcfa87f41154fc76e3f0f2cc3805fabec38c9305e0045f97e42da0ff097f2bc6d56

  • SSDEEP

    12288:dMryy90rRIlUwj8BECcV7/+IMvxWT/VnIZfRrgf+u655k8x4FVsyDMEsrJPBhdoE:vykyIaYIMvxWZnEef3Uke1ThuHuDT

  Score

  10^/10

  persistenceredlinetuxiuinfostealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2