Extracted

• • Target

    1727c4056b4e2c20b4f0feb0ea0121703895ea5840717f99d44669fa2110155e

  • Size

    1.5MB

  • MD5

    424480696199fb6b08eadb2420e2381e

  • SHA1

    144a91afe2d09b1aa0fe48bcf84e621f327b2e95

  • SHA256

    1727c4056b4e2c20b4f0feb0ea0121703895ea5840717f99d44669fa2110155e

  • SHA512

    9d39edb67c1a46edf02b11128efc3b4663256abb1064844322700cc79dcb04d161ed2bd3f3e97642c1199b4fe2d3019e551c0b236d152f397420d057b41762c2

  • SSDEEP

    24576:oyNW0JYL26ZrvpCAFwljKHnI+vm53SqmEZtCW+GtaDYNo/tie/H+THESgwe:vNWT2QzZCl2HnVv2MEx+Ns85/wHESx

  Score

  10^/10

  redlinekinzainfostealerpersistence

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1