Extracted

• • Target

    2c107e36186c98aa050f4fdb6fc6cdedcd127dfeb89650ae2ac66d986affff0d

  • Size

    1.5MB

  • MD5

    280606f29681c82025a0f45260c013f0

  • SHA1

    8e95c958580b1f4f27a76340674bcd8ffeba0519

  • SHA256

    2c107e36186c98aa050f4fdb6fc6cdedcd127dfeb89650ae2ac66d986affff0d

  • SHA512

    cc97cd58ad8914b0b398a83fd1e09bd9fcba861e85fbca655ce71d2b109ed3cd7045786db591df5c0a953fedd5bea8740fe0347c98f2f85261108c288061e55c

  • SSDEEP

    24576:MyCe+YfO9sXIhOZaz9y6IjApHb7aaDUIz5wJwdrr4Vo4CoMZ0r:7bIrwa5y634Cywdrr4Vo0

  Score

  10^/10

  redlinekedruinfostealerpersistence

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1