Extracted

• • Target

    885354dd492197d8dc3bb11761442c3cf9e401dec29586fbe94ef4c9c38bc545

  • Size

    1.5MB

  • MD5

    9c40be3ea275f5c86e0c96bee920496b

  • SHA1

    edb0d70c0a09f60241ca2b9e29346a48295f2a1b

  • SHA256

    885354dd492197d8dc3bb11761442c3cf9e401dec29586fbe94ef4c9c38bc545

  • SHA512

    110b811728113ddcfedfbd5d7548f9b7dce682e43bfaea7fd6be5fb435b05b2f1f0d45fbe7e3999061e5eca8a2fee5b8f8206c10f133375c6e6024931a1d7a97

  • SSDEEP

    24576:MybvEZH2OWjjJYTflTvTPfL+lAj+EfI1WE5wZtMK7oKEOKDJeTFBrweiFGzmbNR8:7QEHYblSOj+Ef4iWOKDgTFtwxbI

  Score

  10^/10

  redlinekinderinfostealerpersistence

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1