General
- Target: micro_805384706.zip
- Size: 9.7MB
- Sample: 210117-4xdgex8f8e
- MD5: 94cf735ee2c2778507efe4978cb4fe3e
- SHA1: 9fa8f4e3668bb21336010933ff08c78e23c25cb3
- SHA256: 3ae7cb3bae5adff82eef29e082254c9cfbaab50cbce90640f567add65e632d80
- SHA512: e6481ee403ea56ef0cabf0ee2c59d5e1f709182e8ece490cdee8c82b63de8c4896dc5db2c52325b95160ea836037c5d5ff7aa8f076b5104f0fd954443c5edf11
Static task: static1
Behavioral task: behavioral1
- Sample: micro_805384706.exe
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: micro_805384706.exe
- Resource: win10v20201028
Malware Config
Targets
- Target: micro_805384706.exe
- Size: 9.4MB
- MD5: 8c87a217f62f72867334dcda67445c36
- SHA1: 089003443cca7a9343e8221f96a434513c9c1163
- SHA256: 47dfbd33c99e8254207d7bcb7cdf2be6cf231f9b1960b16ac1888fac71daa61f
- SHA512: c1c366b51dcb8084f0887673b75b188ec575a3d5afd3d6cb6e845c36b00d82ffbac3152b86a078f05b3c7c666222705c5916dee441300b7117f5b6f7d6f2c5ee
- Score: 10/10
Signatures
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Creates new service(s)
- Drops file in Drivers directory
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- JavaScript code in executable
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext