Extracted

• • Target

    bce1cfaaf391a9dd8498ed23c1daff9bf320e801f15d989df2a1fd017df9c0d8

  • Size

    1.5MB

  • MD5

    042b5c481ee260fa0547a2c5e6ff6913

  • SHA1

    c381363b41f0e13e370e7eef1753d3edcf0b8518

  • SHA256

    bce1cfaaf391a9dd8498ed23c1daff9bf320e801f15d989df2a1fd017df9c0d8

  • SHA512

    bd44b5aaac78159904e79ae0984a9de5dc9e7a7dce1675d1e3fec1604d369cf518d5111381142f502f06c124c74c717e6baa6982a9bf59cac63be7e4dc7b894c

  • SSDEEP

    24576:cyx3XuF/ew1vZ+H29ViqUG1ecoKSvDb7zQto60eP0rfpk1/QEbsgDO+hX8:LQ7vICVHX1e8QleP0Fa/QEbsa9

  Score

  10^/10

  persistenceredlinekukishinfostealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2