Extracted

• • Target

    a78740afe5f04a6f8f9e0479a6b40da230200c515121d37e05269bc5dde77774

  • Size

    1.0MB

  • MD5

    9985c664063573c6ca4e13d707e0b311

  • SHA1

    4a955c64e44ed012c583bbfb82d2eaf7c259708d

  • SHA256

    a78740afe5f04a6f8f9e0479a6b40da230200c515121d37e05269bc5dde77774

  • SHA512

    d0f44833c396f390f0af4aac8d4f8c6fe10780a8ea624a8417604706656f4ebfe6f839258f8b18f41d65f7f90b94ddf84585ed7c6ee46bd8a761425c23b8908d

  • SSDEEP

    24576:Yy3/+56Phs7H+SF5o+yaU8CE1X7BQV5xiMz3ratw9O+w8u95:f3/+0EfY+y3NE1X7BQDxiKDo8

  Score

  10^/10

  persistenceredlinetuxiuinfostealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2