General
-
Target
6bae287a411a73f36113f49f9c54b254.exe
-
Size
1.1MB
-
Sample
210111-qjey17nkqn
-
MD5
6bae287a411a73f36113f49f9c54b254
-
SHA1
b0ca0d73d2abd2c4a95ed45056c3374446ad050d
-
SHA256
7c19dad6af8b2138eb289abbf8f64664ddc07f8d9f715445e8774c3bff4fbb02
-
SHA512
411f288c52bd582191a4a167affa1ec4e1c89ec4d96e27ea47c5fbc3cf56d9d1d4c675652f8876549b42edd6322dec2ff7e3cc3e0445f863791a2aff9882ca43
Malware Config
Targets
-
-
Target
6bae287a411a73f36113f49f9c54b254.exe
-
Size
1.1MB
-
MD5
6bae287a411a73f36113f49f9c54b254
-
SHA1
b0ca0d73d2abd2c4a95ed45056c3374446ad050d
-
SHA256
7c19dad6af8b2138eb289abbf8f64664ddc07f8d9f715445e8774c3bff4fbb02
-
SHA512
411f288c52bd582191a4a167affa1ec4e1c89ec4d96e27ea47c5fbc3cf56d9d1d4c675652f8876549b42edd6322dec2ff7e3cc3e0445f863791a2aff9882ca43
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-