General
Target: BTRSetp.exe
Size: 678KB
Sample: 210218-qe7lrnnrxn
MD5: b2d8ce7b40730bc6615728b1b1795ce9
SHA1: 5cf7a63f3ecc2184e7b2894c78538d89f7063fe1
SHA256: ee4b58514316c6fc928e60245384560a24723e690a3311e8c2dd9e8efd5de7ca
SHA512: cc79016627fb17a864ca3414f8bc598d52a9d17ec64ee1005b059a84597fe16493203879ff1c5a5ed46cf15a9e590098672a4b21a38852cace9bb02d8f1c531e
Static task: static1
Behavioral task: behavioral1
  Sample: BTRSetp.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: BTRSetp.exe
  Resource: win10v20201028
Malware Config
Targets
Target: BTRSetp.exe
Size: 678KB
MD5: b2d8ce7b40730bc6615728b1b1795ce9
SHA1: 5cf7a63f3ecc2184e7b2894c78538d89f7063fe1
SHA256: ee4b58514316c6fc928e60245384560a24723e690a3311e8c2dd9e8efd5de7ca
SHA512: cc79016627fb17a864ca3414f8bc598d52a9d17ec64ee1005b059a84597fe16493203879ff1c5a5ed46cf15a9e590098672a4b21a38852cace9bb02d8f1c531e
Score: 10/10
Family: RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Signatures
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2