General
-
Target
67d05b59a14493bbe952ed4b8b5f9f18
-
Size
32KB
-
Sample
201117-j14llty5rs
-
MD5
67d05b59a14493bbe952ed4b8b5f9f18
-
SHA1
e3fbb5cf858bba309f6610a7c118097d14bfcfa1
-
SHA256
7918e6ed1823254990f59d6015d43cae2f3cccad92e725aa9b2a0f294dc08b61
-
SHA512
5e2c4db79770bb300bec19ab131c5533ed6ffe776d66eb930e79d85113c39064b0d3fe9986c6beddaefcc8b48de65b20d12201fc6faa28c2d3af5a2a5489fc3b
Malware Config
Targets
-
-
Target
67d05b59a14493bbe952ed4b8b5f9f18
-
Size
32KB
-
MD5
67d05b59a14493bbe952ed4b8b5f9f18
-
SHA1
e3fbb5cf858bba309f6610a7c118097d14bfcfa1
-
SHA256
7918e6ed1823254990f59d6015d43cae2f3cccad92e725aa9b2a0f294dc08b61
-
SHA512
5e2c4db79770bb300bec19ab131c5533ed6ffe776d66eb930e79d85113c39064b0d3fe9986c6beddaefcc8b48de65b20d12201fc6faa28c2d3af5a2a5489fc3b
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-