General
-
Target
1.exe
-
Size
1.7MB
-
Sample
201101-8g2epj8fz6
-
MD5
b94ad575e604d244b6f57abb25326abe
-
SHA1
ff098b3d4acdacda023fd51961a26f4a8eea719e
-
SHA256
96fadfece02fcc7d1b3f8e98c1df30dc61e9e8298543de46b54ad088f18aec59
-
SHA512
8d594e8aa003748a54f2b3491dd30f507f92f512231430b682bb302729b2e3b3b0ce8ec73062d2285775750666d63d5efb3519cdf028c258222e3b7ea196abc5
Static task
static1
Behavioral task
behavioral1
Sample
1.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
1.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
1.exe
-
Size
1.7MB
-
MD5
b94ad575e604d244b6f57abb25326abe
-
SHA1
ff098b3d4acdacda023fd51961a26f4a8eea719e
-
SHA256
96fadfece02fcc7d1b3f8e98c1df30dc61e9e8298543de46b54ad088f18aec59
-
SHA512
8d594e8aa003748a54f2b3491dd30f507f92f512231430b682bb302729b2e3b3b0ce8ec73062d2285775750666d63d5efb3519cdf028c258222e3b7ea196abc5
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-