Extracted

• • Target

    477eff40308a79a29ed5532bd305397cfbc7d9aa675af690d5d98626dd9c96db

  • Size

    1.5MB

  • MD5

    27a377d27d16aa9df83edabfd23b565a

  • SHA1

    4d4d71f95db9e6b0e80c1decfd7e587b71e5663d

  • SHA256

    477eff40308a79a29ed5532bd305397cfbc7d9aa675af690d5d98626dd9c96db

  • SHA512

    f89a2dc0b7b7a9e9843dcaed4c436a0ea6d485bfe5e741cdef46de3dc6f21c6f55194cc47d98efda2f3483b8a5f6df854282af8dface09758496d7aa9651010a

  • SSDEEP

    24576:3y1IC/BgLwm1SaGpzU4VpCDyRmtsN8YtTFRUgZy9qBhlJiLD7ef0nkK8JkrM:Cf/lajcpC3tsN8EBRd8kblJiLD7znkk

  Score

  10^/10

  redlinekukishinfostealerpersistence

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1