General
Target: c63d19254013b1268954ca8ad88b40a7.exe
Size: 789KB
Sample: 201101-q4tn3fq7gj
MD5: c63d19254013b1268954ca8ad88b40a7
SHA1: 6df96fbebc9708ba1dfc209e06fc95586f4f74ef
SHA256: 4e2065cecd07e0a7974565b591d3969f58c23f093afcda612413bb88ea39d2b6
SHA512: 7227d76627ac9727458777446ef3897f4c0f8e7538d08e6fdbb2fdbbdbb6ffcb78d5f3f4e7a9d768284e2ad8afa294b16c3bfabfd0e86f5789310cfbdcdfe507
Static task: static1
Behavioral task: behavioral1
  Sample: c63d19254013b1268954ca8ad88b40a7.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: c63d19254013b1268954ca8ad88b40a7.exe
  Resource: win10v20201028
Malware Config
Targets
Target: c63d19254013b1268954ca8ad88b40a7.exe
Score: 10/10
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.