Extracted

• • Target

    42f9cb606b3c48d70bf0cbf996f6c449c03bcef41271d3d0ced46c8b2f0e5e83

  • Size

    1.5MB

  • MD5

    36292b1082491f232ea7f351fd8529f6

  • SHA1

    d4267bc52caf6ecd0beb25783d105d68f5dfd6de

  • SHA256

    42f9cb606b3c48d70bf0cbf996f6c449c03bcef41271d3d0ced46c8b2f0e5e83

  • SHA512

    25de946fc87c99b4ca193586d04280cac44d7e36712e70486b732e9caec57e303ac90cbfdc46d093213cee87cbbad8e99ed02bbd22df26121758e3f340b7c519

  • SSDEEP

    24576:ty4wZSayETXZ9xW/gx85aECeZ1ehU59ghcINkAGgwrQPf0qm7jLeiE:I5wETpJzELze643VBwmf0bbei

  Score

  10^/10

  redlinekinzainfostealerpersistence

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1