Extracted

• • Target

    d7a1b2002766b697c01b6f24f8e6d9e12c9734ccb0e15c7bbcb8d01f9c27f98b

  • Size

    1.1MB

  • MD5

    899b782a27ea9515dc7f46bd222274f1

  • SHA1

    2f564536627e3d1b25c262b3dc36e0102df9852b

  • SHA256

    d7a1b2002766b697c01b6f24f8e6d9e12c9734ccb0e15c7bbcb8d01f9c27f98b

  • SHA512

    56978c49c17650b628df30e3dc0a24cc6d4799a6625805358652ee809debaae115131b3c80c9f0e7cd655ed04c49f9ad6abce380ddb389eb1e2f439f971228bf

  • SSDEEP

    24576:xysbya7vRxi0GJXkDzY7pi/pNCEjNgLTekdpiaQxoTIIPm+VjTXn+u:ksbya7vRtGlksp/ECTzyvSmGfn

  Score

  10^/10

  redlinekukishinfostealerpersistence

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1