General

Target:  795dc03bf5246668039ba21c448dfdfa.exe
Size:    667KB
Sample:  201102-2lqm34q37s
MD5:     795dc03bf5246668039ba21c448dfdfa
SHA1:    0b08fc0af416bcd562354d51bf435c120c70941c
SHA256:  5419693f0efd8489bfd0db1c1ca0441f492512e106be69b75afe2a1d7bae3d46
SHA512:  3c4abeead89cd56a5e4d70317efa93511b09bef41cd5fa6b068f38616272d34e733d02169868978352a0748015d1f8c6611ae5a3fb4740f30f3e575ec7e7d0e6
Static task: static1

Behavioral task: behavioral1
Sample:   795dc03bf5246668039ba21c448dfdfa.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample:   795dc03bf5246668039ba21c448dfdfa.exe
Resource: win10v20201028
Malware Config

Targets

Target: 795dc03bf5246668039ba21c448dfdfa.exe
Size:   667KB
Hashes: MD5, SHA1, SHA256 and SHA512 as listed under General above
Score:  10/10

RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

Checks installed software on the system
  Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its HKCU and WOW6432Node counterparts) to enumerate software on the system.

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext
  Rewriting a thread's register context is a debugger operation; malware uses it to point a suspended thread at injected code (for example in process hollowing). Taken alone it is weak evidence, since debuggers and some runtimes call it legitimately.
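The signatures above are sandbox observations; on an endpoint the same behaviours surface as registry, file, DNS and API-call telemetry. The script below is an added example for this page, not the sandbox's own rule logic and not code from the sample. It maps four of the listed signatures onto a per-process correlation over a constructed, simplified JSON-lines feed (Sysmon-style registry, file and DNS events plus an EDR/ETW-style API-call event). The field names, the browser artefact names and the IP-lookup host list are assumptions chosen for illustration, not indicators extracted from this sample.

```python
"""
Per-process correlation of the behavioural signatures listed in the report.

Added example for this page, not the sandbox's own rule logic. Input is a
constructed, simplified JSON-lines telemetry feed (Sysmon-style registry, file
and DNS events plus an EDR/ETW-style API-call event); the field names and event
types are assumptions for illustration, not a real product schema.
"""
import json
import re
from collections import defaultdict

# Illustrative indicator lists (assumptions, not artefacts extracted from the sample).
UNINSTALL_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)
BROWSER_DATA_RE = re.compile(
    r"\\(Login Data|Cookies|Web Data|logins\.json|key4\.db)$", re.IGNORECASE)
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "ipinfo.io", "checkip.amazonaws.com"}
CONTEXT_APIS = {"SetThreadContext", "NtSetContextThread"}

# Signature ids -> the names the report uses.
SIGNATURES = {
    "checks_installed_software": "Checks installed software on the system",
    "reads_browser_data": "Reads user/profile data of web browsers",
    "external_ip_lookup": "Looks up external IP address via web service",
    "setthreadcontext": "Suspicious use of SetThreadContext",
}


def classify(event):
    """Map one telemetry event to a signature id, or None if it matches nothing."""
    kind = event.get("type")
    if kind == "reg_query" and UNINSTALL_KEY_RE.search(event.get("key", "")):
        return "checks_installed_software"
    if kind == "file_read" and BROWSER_DATA_RE.search(event.get("path", "")):
        return "reads_browser_data"
    if kind == "dns_query" and event.get("query", "").lower() in IP_LOOKUP_HOSTS:
        return "external_ip_lookup"
    if kind == "api_call" and event.get("api") in CONTEXT_APIS:
        return "setthreadcontext"
    return None


def correlate(lines, threshold=3):
    """Group signature hits by pid.

    Each signature alone is common in benign software (installers read the
    Uninstall key, browsers read their own profile, debuggers call
    SetThreadContext), so a process is only flagged when it trips at least
    `threshold` distinct signatures.  Returns pid -> {image, hits, alert}.
    """
    per_proc = defaultdict(lambda: {"image": None, "hits": set(), "alert": False})
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        sig = classify(event)
        if sig is None:
            continue
        rec = per_proc[event["pid"]]
        rec["image"] = event.get("image")
        rec["hits"].add(sig)
    for rec in per_proc.values():
        rec["alert"] = len(rec["hits"]) >= threshold
    return dict(per_proc)


# Constructed sample telemetry, not logs captured from the sandbox run.
SAMPLE_LOG = r"""
{"pid": 4120, "image": "C:\\Users\\user\\Desktop\\795dc03bf5246668039ba21c448dfdfa.exe", "type": "reg_query", "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip"}
{"pid": 4120, "image": "C:\\Users\\user\\Desktop\\795dc03bf5246668039ba21c448dfdfa.exe", "type": "file_read", "path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"pid": 4120, "image": "C:\\Users\\user\\Desktop\\795dc03bf5246668039ba21c448dfdfa.exe", "type": "dns_query", "query": "api.ipify.org"}
{"pid": 4120, "image": "C:\\Users\\user\\Desktop\\795dc03bf5246668039ba21c448dfdfa.exe", "type": "dns_query", "query": "www.microsoft.com"}
{"pid": 4120, "image": "C:\\Users\\user\\Desktop\\795dc03bf5246668039ba21c448dfdfa.exe", "type": "api_call", "api": "SetThreadContext", "target_pid": 4188}
{"pid": 812, "image": "C:\\Windows\\System32\\msiexec.exe", "type": "reg_query", "key": "HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall"}
{"pid": 3300, "image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "type": "file_read", "path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
"""


def main():
    for pid, rec in sorted(correlate(SAMPLE_LOG.splitlines()).items()):
        names = ", ".join(SIGNATURES[s] for s in sorted(rec["hits"]))
        flag = "ALERT" if rec["alert"] else "ok"
        print(f"[{flag}] pid={pid} {rec['image']}: {names}")


if __name__ == "__main__":
    main()
```

Run against the constructed feed, only the dropped executable (pid 4120) is flagged, because it alone trips four distinct signatures; msiexec.exe reading the Uninstall key and chrome.exe reading its own Login Data each score a single hit and stay below the threshold. The threshold, not any single indicator, is what keeps this from paging on every installer and browser launch; tune it to the telemetry you actually collect, and note that the api_call event needs an EDR or ETW source, since Sysmon does not log SetThreadContext.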