Extracted

• • Target

    aa2c995858557c0cbe47de3a080f269acce3997e3a894a394560876034204845

  • Size

    1.7MB

  • MD5

    2a85ef79f993449122181e13799bd986

  • SHA1

    9633fc5ff27c2c7c8c5b572896cdd5678a508e02

  • SHA256

    aa2c995858557c0cbe47de3a080f269acce3997e3a894a394560876034204845

  • SHA512

    6281818e9718321a55c1fd701aa7c9ba4d0f30b145164a56e15b04a72d127dd909daeca7fc5cbac4cb44f428434e94309011d9edd9e5bf8df51714e79b1984c6

  • SSDEEP

    24576:QyM+qM+p4abCyV3vMyiAfwRLpVV2CGigx1CEPWLcBQ8ezmlNlpRd3moc0:XtdBoPkHFeKgDCrLcBQ5cLp2o

  Score

  10^/10

  redlinekedruinfostealerpersistence

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1