Extracted

• • Target

    b0a7af9a6cf6cc9da2260140a8012fa9630cff7afb85cb152022bbc852dd2eef

  • Size

    1.5MB

  • MD5

    779f5fad41cce60fb654526697978cbc

  • SHA1

    7fb203d75f0d0c354a3b2be1735a33a9b0858f3a

  • SHA256

    b0a7af9a6cf6cc9da2260140a8012fa9630cff7afb85cb152022bbc852dd2eef

  • SHA512

    16689167a6a74efb13b7a9bb789e1afffc6d35999fc23b9d22175786565b5ea861c9e847139c51dc49bcac5e8dc474333ec0bb74515c4173903fd1d50870e2c4

  • SSDEEP

    24576:yyhYBJzoQr+bJYQO0mEbKxUjfgQLtYWy1BlPYq6Zsl6USt13McQCkozcs2:ZuvqY6mEWEfVp3y1Bi9ZMrSt13D/zQ

  Score

  10^/10

  redlinekinderinfostealerpersistence

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1