Extracted

• • Target

    cbc704addac3560a5962afa8a84f9ff44b335c98384415fcb031aeb849e8ea79

  • Size

    1.0MB

  • MD5

    2a6e11cfe25c5b88147a176f45c95c75

  • SHA1

    2713b7c35daac11e8a3361dd055efe41e9e1ecfe

  • SHA256

    cbc704addac3560a5962afa8a84f9ff44b335c98384415fcb031aeb849e8ea79

  • SHA512

    9b0a1f886504b2d23eebc438198c732a428bf7182a71a4f1c9c15cda343deb129ec03d84c0f9e32e5c26e1cd4814ae5f8fc7e7e341cf5f8ee5461afd23444dca

  • SSDEEP

    24576:ByAtcnpvkxwE99FkMcU9aD+Lfv49ch5yFniyad:0A0ZfE94U9r89eanU

  Score

  10^/10

  persistenceredlinetuxiuinfostealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2