Extracted

• • Target

    NEAS.0bac0420be35b276e08b820be46a1bf0.exe

  • Size

    1.5MB

  • MD5

    0bac0420be35b276e08b820be46a1bf0

  • SHA1

    d37e8829fed1300c7186c97119ad2e174a2cbcba

  • SHA256

    bc81424dcbac9a64bbb4df9b49fab85de3c39d6be863e66615cabd21256c4e1e

  • SHA512

    2f266dfab7e23efcbdacaaefcebeb8c861bb91b6f1969cfda84b376771411b352b3a2e3ee126116388e92dafc656884896465488a700fa13b00c6983e544ab47

  • SSDEEP

    24576:ty1SZWlXEhM2qVYCsSIs7DEt7RcR8T5ZK6wRcLKZjzOMDimn3s+3OLHP5T/aoU1S:IBlXOM1GCsPs7DEt7RxZK6wRxz7t8Q0q

  Score

  10^/10

  redlinekinzainfostealerpersistence

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1