Extracted

• • Target

    e444734f8f846c9730b7f82c8c10194a99b65808332a5e79d915a72bbc39918d

  • Size

    1.0MB

  • MD5

    439fcdf0f6a214e219fed2b92553901b

  • SHA1

    b1983d9673d740dbbfc423a514848c6122e36cb4

  • SHA256

    e444734f8f846c9730b7f82c8c10194a99b65808332a5e79d915a72bbc39918d

  • SHA512

    b2474bd7309f981893cd72cfb71513963aece92ac402dc75f2c55068ac0810685a60906eb2102f72e3f3f9e26eae4ecced17dd8bb06c25b2e40db8dead2db667

  • SSDEEP

    24576:fyS1oBomKzYteyUO1H3QsmqjNcW+FEso82Y0WNF3Go/:qSWKzgP3PT+EsViWX2

  Score

  10^/10

  persistenceredlinetuxiuinfostealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2