General
- Target: 026de3494e6213658ddde0b7818ca8f5.exe
- Size: 631KB
- Sample: 201103-he9csqs96e
- MD5: 026de3494e6213658ddde0b7818ca8f5
- SHA1: 52afb07a84e9373b770a41f3bb3ce2949ff18acc
- SHA256: 2f1ddb2471b5361788e5f3366513f69b03d605bc609beea401f6864cd70ca0ff
- SHA512: ee09ca907fc9cfb26436ffb823075aa72b5e24f5d5e44d9fb6eb17e4ca55cce09420a229c579574f1b2e0db5f60096695a53554099824755e38aa6e85ab8baf5
Static task: static1
Behavioral task: behavioral1
- Sample: 026de3494e6213658ddde0b7818ca8f5.exe
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: 026de3494e6213658ddde0b7818ca8f5.exe
- Resource: win10v20201028
Malware Config
Targets
- Target: 026de3494e6213658ddde0b7818ca8f5.exe
- Size: 631KB
- MD5: 026de3494e6213658ddde0b7818ca8f5
- SHA1: 52afb07a84e9373b770a41f3bb3ce2949ff18acc
- SHA256: 2f1ddb2471b5361788e5f3366513f69b03d605bc609beea401f6864cd70ca0ff
- SHA512: ee09ca907fc9cfb26436ffb823075aa72b5e24f5d5e44d9fb6eb17e4ca55cce09420a229c579574f1b2e0db5f60096695a53554099824755e38aa6e85ab8baf5
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.