General
-
Target
75be014e5cba03bc01cad324c0858808.exe
-
Size
777KB
-
Sample
201030-zx4zgxk8ne
-
MD5
75be014e5cba03bc01cad324c0858808
-
SHA1
ea7975231e51ed81b1f3f101580829b2cce39fc3
-
SHA256
87cd820fbd3707a5c0163a68fc72eeee76d16867aefc372c19b03bf1edc0bbd7
-
SHA512
fef33c0723c826d899480d0a880cce771a18d0582bca1a01144f7671bb47ddf45752c7e450fdb417f91919ec1c5c4b6a6b6f21546b0f0aa6590d993adaee8eea
Static task
static1
Behavioral task
behavioral1
Sample
75be014e5cba03bc01cad324c0858808.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
75be014e5cba03bc01cad324c0858808.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
75be014e5cba03bc01cad324c0858808.exe
-
Size
777KB
-
MD5
75be014e5cba03bc01cad324c0858808
-
SHA1
ea7975231e51ed81b1f3f101580829b2cce39fc3
-
SHA256
87cd820fbd3707a5c0163a68fc72eeee76d16867aefc372c19b03bf1edc0bbd7
-
SHA512
fef33c0723c826d899480d0a880cce771a18d0582bca1a01144f7671bb47ddf45752c7e450fdb417f91919ec1c5c4b6a6b6f21546b0f0aa6590d993adaee8eea
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-