Extracted

• • Target

    518aeb37912ca46392e19e233fbd13b679709766b058147b2ca4f92a90dbe4e6

  • Size

    754KB

  • MD5

    cd6b4d9d3d6c3003c3d8e9a897399d24

  • SHA1

    0b214c22c8f83626ad9d5aded7811f9a349e440f

  • SHA256

    518aeb37912ca46392e19e233fbd13b679709766b058147b2ca4f92a90dbe4e6

  • SHA512

    16609f120bc31aa5d92bd73d1a287bbb9508d56e22429c68eb08fe9f5293439279f065f4aa861dd45f2fcefcf82c26784ad4f129b36763438ac90793265ceb50

  • SSDEEP

    12288:VMrAy90Shg3n8LziJ+toZ9Fjvlh6DLY1h7sQ3hmCvPbQTqZRsZLx9XdGT6igd:Vy5qXUQ+yju41h7s0mCvzQTqvKLDXdGe

  Score

  10^/10

  redlinekedruinfostealerpersistence

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1