General

Target: 0236d3993de861cf53b05ad370166a4a.exe
Size: 622KB
Sample: 210219-xhyzksp9sa
MD5: 0236d3993de861cf53b05ad370166a4a
SHA1: 142cc937909cc40ada97c2f044ffcf8012a6be00
SHA256: 7ba598295df994536137bc987b00344e609035b56a40c93354cde719cd4a2989
SHA512: 0e06bd80e647a814861c3694910892961d4688171ebcb76cbcee897f9a8eb1870ce7a88196c130b4870d0cd0c8d8810968505be556e74d52720fd491fa47f83d
Static task: static1

Behavioral task: behavioral1
Sample: 0236d3993de861cf53b05ad370166a4a.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: 0236d3993de861cf53b05ad370166a4a.exe
Resource: win10v20201028
Malware Config
Targets

Target: 0236d3993de861cf53b05ad370166a4a.exe
Size: 622KB
MD5: 0236d3993de861cf53b05ad370166a4a
SHA1: 142cc937909cc40ada97c2f044ffcf8012a6be00
SHA256: 7ba598295df994536137bc987b00344e609035b56a40c93354cde719cd4a2989
SHA512: 0e06bd80e647a814861c3694910892961d4688171ebcb76cbcee897f9a8eb1870ce7a88196c130b4870d0cd0c8d8810968505be556e74d52720fd491fa47f83d
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
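The hashes in this report are the only indicators a responder can match against directly. The script below is an added example, not part of the sandbox report or of any vendor tooling: it hashes a suspect file once in a streaming pass, compares all four digests with the values copied from the report above, and treats only a SHA256 plus SHA512 match as confirmation (an MD5 or SHA1 match alone is weak evidence, since both algorithms are collision-prone). The self-check at the bottom uses constructed input bytes, not the real sample.

```python
"""Check a quarantined file against the hashes published in this report.

Added example. REPORT_IOCS is copied from the report above; every file
path and input byte string used here is constructed for illustration.
"""
import hashlib
import io
import sys

# Digests the report publishes for 0236d3993de861cf53b05ad370166a4a.exe.
REPORT_IOCS = {
    "md5": "0236d3993de861cf53b05ad370166a4a",
    "sha1": "142cc937909cc40ada97c2f044ffcf8012a6be00",
    "sha256": "7ba598295df994536137bc987b00344e609035b56a40c93354cde719cd4a2989",
    "sha512": (
        "0e06bd80e647a814861c3694910892961d4688171ebcb76cbcee897f9a8eb1870ce7a881"
        "96c130b4870d0cd0c8d8810968505be556e74d52720fd491fa47f83d"
    ),
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_stream(fh, chunk_size=1 << 20):
    """Return {algo: hexdigest} for a binary stream, reading it exactly once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    while True:
        chunk = fh.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    """Convenience wrapper for in-memory data (used by the self-check)."""
    return hash_stream(io.BytesIO(data))


def hash_file(path):
    """Hash a file on disk without loading it fully into memory."""
    with open(path, "rb") as fh:
        return hash_stream(fh)


def match_iocs(digests, iocs=REPORT_IOCS):
    """Per-algorithm comparison, case-insensitive on the hex strings.

    Kept per algorithm rather than collapsed to one boolean so that a
    report with only an MD5 (or a disagreement between algorithms, which
    would itself be worth investigating) is visible to the analyst.
    """
    return {
        algo: digests.get(algo, "").lower() == value.lower()
        for algo, value in iocs.items()
    }


def is_reported_sample(digests, iocs=REPORT_IOCS):
    """True only when the strong digests (SHA256 and SHA512) both match."""
    result = match_iocs(digests, iocs)
    return bool(result.get("sha256")) and bool(result.get("sha512"))


if __name__ == "__main__":
    # Usage: python check_sample.py <path-to-quarantined-file>
    if len(sys.argv) != 2:
        sys.exit("usage: check_sample.py FILE")
    digests = hash_file(sys.argv[1])
    for algo in ALGORITHMS:
        flag = "MATCH" if match_iocs(digests)[algo] else "no match"
        print(f"{algo:7} {digests[algo]}  {flag}")
    verdict = "IS" if is_reported_sample(digests) else "is NOT"
    print(f"file {verdict} the sample described in this report")
```

Point the script at the file recovered from the host; an exact SHA256/SHA512 match ties it to this report's behavioral runs (win7v20201028 and win10v20201028), while a mismatch does not clear the file, since RedLine builds are routinely repacked and the report's hashes identify only this one packaging.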