Extracted

• • Target

    007a34e66b87e5f1aa817529dbbd29f42fa379b6ef0621f47701a4813c42b363

  • Size

    1.4MB

  • MD5

    cd0616d27fbf60ee2bf7cff2cfe7f5f1

  • SHA1

    46fd9df2bee3f6d595a4aa5e8164ff77f03a1b52

  • SHA256

    007a34e66b87e5f1aa817529dbbd29f42fa379b6ef0621f47701a4813c42b363

  • SHA512

    281631649b66a451dd7ff6a32c3aa854d91825535fa8f13508f4e8dc2d339221aaa353cc729a2c8f6ee2e427e9f4ff27052190e4521dd0a7133b83d63ad06c79

  • SSDEEP

    24576:zyvMJBliGedSOGhaVKQ18pu+Z+5E006HJm2rg5pKGPthoBsh0m1Uor8:GvMJBliGCGjA+Zg927hoBsH

  Score

  10^/10

  redlinehordainfostealerpersistence

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1