Extracted

Extracted

• • Target

    f481075cb1f883156cebe55be87d38811ffbb89b82ede18be933761afdbc0f46

  • Size

    1.1MB

  • MD5

    b81255811776e073c6b7eb0f795fa374

  • SHA1

    f41680b8064fa21d7532a7d8cae68588e0d9301f

  • SHA256

    f481075cb1f883156cebe55be87d38811ffbb89b82ede18be933761afdbc0f46

  • SHA512

    ad2bd79bfc8f5776a43ff6228046a1420255ac823af765cdc890c0449a94483d6313a6150b2d87c5156201e2c09d75e7572fa8d0ec5ff8e870bf770060574121

  • SSDEEP

    24576:tyoLV7cwmlCvGodI2cV5hije3Hho7iFHCQ2MeF:IWV7IlCv5q5hWeXhx9u

  Score

  10^/10

  privateloaderredlineriseprohordainfostealerloaderpersistencestealer

  • PrivateLoader

    PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

    loaderprivateloader

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro

  • Drops startup file

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1