Extracted

• • Target

    b16f6b5db98444a25cfd061c06bf00798296f75dfe526ed0fdd92f4c81ee13eb

  • Size

    1.5MB

  • MD5

    269aa4d716a84737c033a90488c5f779

  • SHA1

    d09b274fb5b76bf560f64a787abf3bd8dc7553e6

  • SHA256

    b16f6b5db98444a25cfd061c06bf00798296f75dfe526ed0fdd92f4c81ee13eb

  • SHA512

    f4404c137055dba5ef0ffae2f884705c73ab1d574baf7d5ab34c30e766f3a225a4929ab0ac98de91fc1e3508c38e51f876adc512c85927d1be539571c5bae558

  • SSDEEP

    24576:GyI5zzsKKWap8e7hHoXVbyXJbWVHcCSp8JXheLmsvxWYtkLfL:Vi/sKKWmIFbaaSuXheLmKxTm

  Score

  10^/10

  redlinekedruinfostealerpersistence

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1