General
Target: SecuriteInfo.com.Artemis6F952B81A92F.13442
Size: 745KB
Sample: 201028-c5wyzxlbtj
MD5: 6f952b81a92f7f780923635648b428c0
SHA1: 6c82f9a7c8667e92fe067789b8bceed727017b02
SHA256: b185c97cf356748005cda3b4ccb5a6df0e059c8869ba3b3f33595984bb60f380
SHA512: 76019d90a1c6142e9167561088e649b1d62366e81654c34b93b74ad36dc6d5a3f38f61e9cb987040dcda8ca11521a496fcb5b5857b724f53bbd2eb3cda7bc994
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Artemis6F952B81A92F.13442.exe
  Resource: win7
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Artemis6F952B81A92F.13442.exe
  Resource: win10
Malware Config
Targets
Target: SecuriteInfo.com.Artemis6F952B81A92F.13442
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials and similar information.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.