General
-
Target
8053506734f293e5b9a7d5a74a63efb6.exe
-
Size
2.2MB
-
Sample
210218-rxjp9g64jn
-
MD5
8053506734f293e5b9a7d5a74a63efb6
-
SHA1
afbb07b83da8f55d49a251cb55247ac112ef12e0
-
SHA256
4b69264d212fab133ea59acc6214291f5915ab027ed8b9535214d8a655b0cc91
-
SHA512
f4f0e82203d11d641e251881db91392c3f50119637c5a9a62f14d3e475b17936c42ca3de24e15c8b18640c97a9073fa8cafea769e285be5fca93316b1c55dde2
Static task
static1
Behavioral task
behavioral1
Sample
8053506734f293e5b9a7d5a74a63efb6.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
8053506734f293e5b9a7d5a74a63efb6.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
8053506734f293e5b9a7d5a74a63efb6.exe
-
Size
2.2MB
-
MD5
8053506734f293e5b9a7d5a74a63efb6
-
SHA1
afbb07b83da8f55d49a251cb55247ac112ef12e0
-
SHA256
4b69264d212fab133ea59acc6214291f5915ab027ed8b9535214d8a655b0cc91
-
SHA512
f4f0e82203d11d641e251881db91392c3f50119637c5a9a62f14d3e475b17936c42ca3de24e15c8b18640c97a9073fa8cafea769e285be5fca93316b1c55dde2
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-