Extracted

• • Target

    447d63fe920891bf82767873eccbacc020d5fb609a6138a888e980b0ca25d892

  • Size

    1.5MB

  • MD5

    71bad59f83e0357a0d4439950ba53eb8

  • SHA1

    65c0440133e3d5550f0e040dc42566e130b33407

  • SHA256

    447d63fe920891bf82767873eccbacc020d5fb609a6138a888e980b0ca25d892

  • SHA512

    cd1b283763bb4e729eb800225a0fb0acb4520aea67cbcbd932e7f130f2b381b2cc63566b0501e6f20e2b240e537630a872bb8b7f279d19e5068abc37b3ef47cd

  • SSDEEP

    24576:fy+LLMI2X3x6zqkY41h3ogkiu9DtjhykF9YrTSpWlwVFNrmVSooYh0N:qkL2nxaE41ZogFIDBckIf63LBo3

  Score

  10^/10

  redlinekedruinfostealerpersistence

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1