Extracted

• • Target

    313fb3b3daf57241cd8f8a84921bda55a40dd68b6360f2a582f6f02babb2e3c9

  • Size

    1.0MB

  • MD5

    3c68d8b81ea0b476f599e12e8a0a1537

  • SHA1

    493d7fe200184c68a696803849345a52cbbdbe19

  • SHA256

    313fb3b3daf57241cd8f8a84921bda55a40dd68b6360f2a582f6f02babb2e3c9

  • SHA512

    109ff8e011538cd3d789b24decbc0d3257c28749b2440b9c5721fc1dfb1e55fe661cac0783c5bc3f0ffb76c8494ca8c5d551d31f558f42917a73c09ca9396652

  • SSDEEP

    12288:lMrvy90gHIxlkY1pybLNj/fsZsHc6VIkIvUA54I6zvRVrwhjszleFaelXi28dH5b:eyi/X1AV9it3mVzJVSQelSF2ZGyfqR

  Score

  10^/10

  persistenceredlinetuxiuinfostealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2