Extracted

• • Target

    a98b08332276aaa858071df56386c601b3134bbca3178d7be7e38d9ae14df421

  • Size

    1.7MB

  • MD5

    8541618bfdf5e9f5a8361a1fe9aa0651

  • SHA1

    866746d7124f7f957175e907840e9747e99bf526

  • SHA256

    a98b08332276aaa858071df56386c601b3134bbca3178d7be7e38d9ae14df421

  • SHA512

    3beec5cd8f271dd04d028edfeae5fa7fd5c6842fcdffbf28395abbc3d0947b4f6fcd25c54c29950fd7bd58bc726c0fbe9eb18942e1ea266b1345487e990860bd

  • SSDEEP

    24576:hysbWpxOCnFT+ixtQnlX+KMNnb+o50I7ZGR8bKd+S5dko0C1UT6C50IrYtH/bhGH:UskxOCFKRRU1Z8qKd+Odk0ohr8b

  Score

  10^/10

  redlinekinzainfostealerpersistence

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1