General
-
Target
446edc0d1f7fff55b43dc47d935ac4c8b4ec345a5edaf90f5ea2122d3137f19b
-
Size
2.1MB
-
Sample
201101-r6fdkehe9e
-
MD5
f3dfe4e0bbed035b5bde931585fe3183
-
SHA1
c294988850dca976f6d4c03f6e5d84221ba83368
-
SHA256
446edc0d1f7fff55b43dc47d935ac4c8b4ec345a5edaf90f5ea2122d3137f19b
-
SHA512
8505961fa8e254bdcc63ccbef66a7e748cffc42f905e62c12927ae27faa21c3898800b4a9071148daed16d8b1dda0b09954a257cad8e3f06aadd3897748620a2
Malware Config
Targets
-
-
Target
446edc0d1f7fff55b43dc47d935ac4c8b4ec345a5edaf90f5ea2122d3137f19b
-
Size
2.1MB
-
MD5
f3dfe4e0bbed035b5bde931585fe3183
-
SHA1
c294988850dca976f6d4c03f6e5d84221ba83368
-
SHA256
446edc0d1f7fff55b43dc47d935ac4c8b4ec345a5edaf90f5ea2122d3137f19b
-
SHA512
8505961fa8e254bdcc63ccbef66a7e748cffc42f905e62c12927ae27faa21c3898800b4a9071148daed16d8b1dda0b09954a257cad8e3f06aadd3897748620a2
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-