General

  • Target

    89e8a15dca11e1ba0705bfeb2380a2304ea0b103e31a733a46165965be4ecae6

  • Size

    267KB

  • Sample

    240509-bryjwaaf2t

  • MD5

    c39839f7ed291ea111048795dd5be6f7

  • SHA1

    e3162bfc28faede95ef05e4dc3a4889e6c2c1cc9

  • SHA256

    89e8a15dca11e1ba0705bfeb2380a2304ea0b103e31a733a46165965be4ecae6

  • SHA512

    367d2c3ecce821c2cf673757f773d56dc499556a971519d0c1e1a93bb48afe575491eaf9e2bfde17436d7491881296885a22a1e3711153fc46a9a9f1fbcef8aa

  • SSDEEP

    6144:dAcllhS4qdxjPxUUshB0FRgmdE8YtzkmmKU:+a/SNRFMmd7YtCKU

Malware Config

Extracted

Family

redline

Botnet

7001210066

C2

https://pastebin.com/raw/KE5Mft0T

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks