Extracted

• • Target

    NEAS.4a2b9cbf7b6b4f2b57fe5191993886a0_JC.exe

  • Size

    1.5MB

  • MD5

    4a2b9cbf7b6b4f2b57fe5191993886a0

  • SHA1

    8a0a7c3b782d892c68d1b623b04a07b32888f99a

  • SHA256

    ccfd154a77da3ae13c25daf08242434eeefa7b0e44ea65e7896a907ac6428c5a

  • SHA512

    7264baf7fd12944fd6bb12d8bdff56170fd9bb43341b544da732b2c2d6c0db94a475482ef2cae016835f27ac94cc73adeace06fcbe30abe2619f180f5d09dbe2

  • SSDEEP

    24576:4ycuQIuawb85uMicTETJT51wKUfBc1evPbh0IromCboFas2yw5JCO3/1ghlegde:/YIuaa85uMTwJT51wKU5cvYoAFuyQtgP

  Score

  10^/10

  redlinekedruinfostealerpersistence

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1