Extracted

• • Target

    d9925e74f50cd559147ca8c2da977ebdef529eb5db8171e7d0a9699672f2c37c

  • Size

    1.4MB

  • MD5

    a605f8f4c7ce38ec69a0862c8fdc44ac

  • SHA1

    837b13a1a1381b8169f8c7bdd42237b3463a89f4

  • SHA256

    d9925e74f50cd559147ca8c2da977ebdef529eb5db8171e7d0a9699672f2c37c

  • SHA512

    7700687987e8ece6b8d875715fe39369e32e08cd392c8ae413e02078be51decf68c7b9eadbd34c1d204ba746b4ecf50a5ffa1ca29e4de7cdaab88f6b53f40063

  • SSDEEP

    24576:TyHzml+Ry3HqI63H2B3kb/3cQCysdGQb6b3BCsuXRODTSe5HTJp48ocB:mTAa1QUBCobQs0ODTSqHNp48

  Score

  10^/10

  redlinekinzainfostealerpersistence

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1