Extracted

Extracted

Extracted

• • Target

    e4ea1e241c31428f0d87c1d2f4426601953b66f7408084b24425efc02c49b602

  • Size

    957KB

  • MD5

    27e00651115e1cf2b7dc2601e47cfab8

  • SHA1

    5b9502b7fb746fcd57e9661a3e7573decbe2edce

  • SHA256

    e4ea1e241c31428f0d87c1d2f4426601953b66f7408084b24425efc02c49b602

  • SHA512

    5263dc40a5fe5d9df150f9c47b4dde7ab134b5f31047221564667b960c3c63a5577617a1fbe46c3bbc8a5e5e507b98f989cc9f70174936cb98a43516f5d78c19

  • SSDEEP

    12288:cbcBXo2dAKlpItf+BV3XHSlHYBPHJqXbmxoRj3cQpRnRu9cdTduRB:pBY2dAK4tf+BVHHkIoRj3cQD0

  Score

  10^/10

  redlinesmokeloaderkedruplostbackdoorpaypalinfostealerpersistencephishingtrojan

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Detected potential entity reuse from brand paypal.

    phishingpaypal

  • Suspicious use of SetThreadContext

  behavioral1