General
Target: b21336f35129415d339f0a8f2fc190f5.exe
Size: 676KB
Sample: 210303-9z2dpb4gjx
MD5: b21336f35129415d339f0a8f2fc190f5
SHA1: 2ee98527e54dbb943f3f34046f66fbcc134be056
SHA256: b3aaccdc1085c2345fa97dee0864226062342c0f746ef0b91cd885f173ea572a
SHA512: 0832bd4f73fbd302d5500aaf10f7ba2651e30547cc0a9bbd898f4ecfa9ee2480922809c95457cbd3382c7e075585ae069d2ea84b042066df69bad2e5c25e304e
Tasks
- Static task: static1
- Behavioral task: behavioral1 (sample b21336f35129415d339f0a8f2fc190f5.exe, resource win7v20201028)
- Behavioral task: behavioral2 (sample b21336f35129415d339f0a8f2fc190f5.exe, resource win10v20201028)
Malware Config
Targets
Target: b21336f35129415d339f0a8f2fc190f5.exe
Size: 676KB
Signatures
- Modifies WinLogon for persistence
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials and similar data.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext