General
Target: SecuriteInfo.com.Variant.Bulz.241879.18500.7579
Size: 512KB
Sample: 201201-gsxmdq4lza
MD5: 3f4e559cf4c7ce058a3c1368f5137840
SHA1: d079140a01cb3ac2eb5421cf05d2c60472331c96
SHA256: b9ff9371b8d7b58efd56d5d5b7e63b71db6053be98c3b072e8743fd664c6b29b
SHA512: c1fe67d5457221bc88e4d01459107123c62c0237b4b8fe4f11a0a2500bffe98055ad13322163ccf0be8e4046b427f224a4a75a24a0ed488e2be201aed80ac151
Static task: static1
Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Variant.Bulz.241879.18500.7579.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Variant.Bulz.241879.18500.7579.exe
  Resource: win10v20201028
Malware Config
Targets
Target: SecuriteInfo.com.Variant.Bulz.241879.18500.7579
Size: 512KB
Score: 10/10
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials and similar secrets.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext