Extracted

• • Target

    fd9d1a331e19876b4898f2522620fbd77b87c09ccb2f46be5b7187912b1103c4

  • Size

    1.5MB

  • MD5

    d479d458626dbc2f25395958dae8ce4e

  • SHA1

    3e398fc5590d065d693ef666e13b050dc0154351

  • SHA256

    fd9d1a331e19876b4898f2522620fbd77b87c09ccb2f46be5b7187912b1103c4

  • SHA512

    a502690f679d01d6e91de9f5f110c355657d24b84654f7402ca8dbf093d15c6b27399c88e263fb328d7246b7ebaa2ef258dc640451391a12370757980c7148e7

  • SSDEEP

    24576:Tyi014Mkd9e8csYKyrx/eQ/VoVno8gsmIAq8iMS+Uwu3BwaA/hZINOlXNulX8/sz:mi0xkWXHrzyVnzXmIe/U53/A/hZIokl5

  Score

  10^/10

  redlinekinzainfostealerpersistence

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1