Extracted

• • Target

    ef8f3e59bebf6c0631dbf542d9f08e48e8a7b39101563e9fd25f23fac1e895ce

  • Size

    1.5MB

  • MD5

    45221b1b0c00d36116d58b7d4192f182

  • SHA1

    d34470762201aa3a020723a26ab65ff3496c8831

  • SHA256

    ef8f3e59bebf6c0631dbf542d9f08e48e8a7b39101563e9fd25f23fac1e895ce

  • SHA512

    95ed594161b6733e912e40fe621be0dd065e9f03a70506b51561b71c711cc4a0e8067b2f10528cc0cc5e423d1f190b740a90c08ecd604ac3de22bd0363d0410c

  • SSDEEP

    24576:sy18J2vAxlGqgXFV0VnOPf+2foadDKBzLGKra3LmmeYsCT1SU5BeTAqkfFOB:b18lxlGLFVGni+2zKBvGK4LO5uSU54EU

  Score

  10^/10

  redlinekukishinfostealerpersistence

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1