Extracted

• • Target

    83c239daead7fd351924f1580a026cc9c93115adbd9e992a1c65deabbe2701b4.exe

  • Size

    2.2MB

  • MD5

    bda80c569715cb4e427f9408b389238a

  • SHA1

    c1982d58ce154872aced5460cd88b106dfeaa6f7

  • SHA256

    83c239daead7fd351924f1580a026cc9c93115adbd9e992a1c65deabbe2701b4

  • SHA512

    ee31887687504525cfe9b0ac9e079a396ba92819bdfca2eb5259bea8b900a762cf58630cd19dc2fefbffa5253a30344691438cd3d344086ef337247f2247411d

  • SSDEEP

    49152:V5Oxg/TFlCpM/CWKNdDgQbHbJwzF00nVLqk6FzreoZo:V5FFlCi/n4mc7M00nVGkgzrnZo

  Score

  10^/10

  discoveryredlinelogsdiller cloud (tg: @logsdillabot)infostealer

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline

  • RedLine payload

  • Redline family

    redline

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Uses the VBS compiler for execution

  • Suspicious use of SetThreadContext

  behavioral1behavioral2