Extracted

• • Target

    eb26d5b18b3fe885a926c87d40d273b124f630cff3ed6720f91e17ae1e2fff24

  • Size

    1.1MB

  • MD5

    5f3859ab9a0bd573705acaf1c58a307c

  • SHA1

    29dbfebab48f3f5e6520cf94a96741505e00b494

  • SHA256

    eb26d5b18b3fe885a926c87d40d273b124f630cff3ed6720f91e17ae1e2fff24

  • SHA512

    a55675cd5388eeeb9b823477bc3b4b73cee54ccc2ee45219463396260c2e2191f38250d2aed1394682e7f2abd40a2b918634510fa8eda1912afa4e69d06904dd

  • SSDEEP

    24576:7y0yySsryPMzazrlPC5Y7ODn5BQVFWQTwUg6qGWXwkXv51gRk+d6Joau5:ubaSWGGkfFkUtWXwa8RVd6tu

  Score

  10^/10

  redlinekukishinfostealerpersistence

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1