Extracted

• • Target

    930db354aaeca06a2e6ce45de50a0f1ba5f72ee2b21bbd3050929b8f42a28587

  • Size

    1.5MB

  • MD5

    9c8f30643f1c60412701890b4b0dbd57

  • SHA1

    b36dea628c7b03df5edb48687258054426704bb2

  • SHA256

    930db354aaeca06a2e6ce45de50a0f1ba5f72ee2b21bbd3050929b8f42a28587

  • SHA512

    1180ffc61fd42aaf86abe78b3877f4ca6a32053305302a930d9e4282c885fa666d36356ea0bdf412e43bdbeed28078aa0f05196348380845c549061bcd8adc58

  • SSDEEP

    24576:VybNCnjGIGit+NJFibHz075Xt/We2gAaZKRzCXz6VZnEtBuGggLkUX7Ngd:wJCjGIGisqT07lYg1QCD63nMBLwIg

  Score

  10^/10

  redlinekolyaninfostealerpersistence

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1