General

  • Target

    d59187db1f37e5632cf297e63e084f6a63f3012959ec3730865dcb3a4559d737

  • Size

    267KB

  • Sample

    240508-z3rsgafh7s

  • MD5

    141edd713d644e64fe4703fa7a91be15

  • SHA1

    fae101f447ba31d0dae183ed455dcf46ad291d34

  • SHA256

    d59187db1f37e5632cf297e63e084f6a63f3012959ec3730865dcb3a4559d737

  • SHA512

    43c8efe0939e4ac794f6cd92b3b76b1d61718853410c00d0c9471becca05ee4cafc1baeeba2ad5349a00c8072861d51a3b7167a245b15aa9231e0f0b50f6e36a

  • SSDEEP

    6144:+icllhS4qdxjPxUUsM/Au5RD2xZPm/GcEoLmXmmKU:na/SNR7yxZPm/GcEoLmrKU

Malware Config

Extracted

  • Family

    redline

  • Botnet

    7001210066

  • C2

    https://pastebin.com/raw/KE5Mft0T

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15