General
-
Target
027df404dc6098728eb2e89c9649eb25e17cdd867bd1a80a96cdcbe9cb4f196b
-
Size
571KB
-
Sample
201106-3wejjl37b2
-
MD5
d79d1213a930b951d933adc1f33f4ca0
-
SHA1
41b80eb754b3647e29381b7ed93ae4c7f0e6d036
-
SHA256
027df404dc6098728eb2e89c9649eb25e17cdd867bd1a80a96cdcbe9cb4f196b
-
SHA512
b8650a59aeb228984ec48a671e20de6668f203fee566afb3245a1770a7c19785b7d7bccf2d0ab41e73c226490abc5222e94653b70b6423aa61e1e29cd6119c97
Malware Config
Targets
-
-
Target
027df404dc6098728eb2e89c9649eb25e17cdd867bd1a80a96cdcbe9cb4f196b
-
Size
571KB
-
MD5
d79d1213a930b951d933adc1f33f4ca0
-
SHA1
41b80eb754b3647e29381b7ed93ae4c7f0e6d036
-
SHA256
027df404dc6098728eb2e89c9649eb25e17cdd867bd1a80a96cdcbe9cb4f196b
-
SHA512
b8650a59aeb228984ec48a671e20de6668f203fee566afb3245a1770a7c19785b7d7bccf2d0ab41e73c226490abc5222e94653b70b6423aa61e1e29cd6119c97
Score10/10-
ElysiumStealer
ElysiumStealer (previously known as ZeromaxStealer) is an info stealer that can steal login credentials for various accounts.
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-