Extracted

• • Target

    b2327dcbdb5f8a0140dd69c4b7f4d12a66357c9f43901ef3fdaeb118ed5df963

  • Size

    1.3MB

  • MD5

    0f6f4ca6d1d9bd359d2f5569a6247fe9

  • SHA1

    cfbe1e742a05fb60d03bb326e3fbada733a29f73

  • SHA256

    b2327dcbdb5f8a0140dd69c4b7f4d12a66357c9f43901ef3fdaeb118ed5df963

  • SHA512

    ea06cdbd0bb5ef39bbc9c5cfe5a920ef3d016a2f684a09cd9f7c69deeba483200a97fe6a93e6d310369dbf41089b64921446d809485cb025a5eb1a5bc4ae831a

  • SSDEEP

    24576:tyvhAUl20a/x9paQDtktdtoemAR2Y5lSmeKyIuRIkmlJb37czwBhNwS:INk0a/75Bkt7oBArCD6kmPLczeQ

  Score

  10^/10

  redlinehordainfostealerpersistence

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1