General
Target: 1ce039aea64adef141e569f8b0ac547da1e4ae0920b4060de9041cf8f16db818.exe
Size: 16KB
Sample: 210211-zjcf5n58v2
MD5: ea28f02c1be43708f4a53152a022900b
SHA1: 515cec6125b3a21e5e9dc86661d75b8658835cf8
SHA256: 1ce039aea64adef141e569f8b0ac547da1e4ae0920b4060de9041cf8f16db818
SHA512: 45956effd7889e28f1239e1c230cff9c51dc894a0675baf8b72acc84a0eada6f95083afd4eaeeb69cd60f014c1175fbc8ef132bc4de0ce47fde5d081894d4fa5
Static task: static1
Behavioral task: behavioral1
Sample: 1ce039aea64adef141e569f8b0ac547da1e4ae0920b4060de9041cf8f16db818.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 1ce039aea64adef141e569f8b0ac547da1e4ae0920b4060de9041cf8f16db818.exe
Resource: win10v20201028
Malware Config
Targets
Target: 1ce039aea64adef141e569f8b0ac547da1e4ae0920b4060de9041cf8f16db818.exe
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Deletes itself
- Legitimate hosting services abused for malware hosting/C2
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Suspicious use of SetThreadContext