General
Target: qZ0RXW.exe
Size: 912KB
Sample: 210312-7bwh3xg866
MD5: 8c03063314b0aa3d6a7d26c1f6db60b4
SHA1: 6955952347314e7e19895778af232b14a15c736d
SHA256: 8378458c45be220207b12b7dbeeee4fcd9a4c4f51973d828834b418ded6e781f
SHA512: d55407a63928afa38612e58fef7253452cc799f8659c4a78e93ba94b2d07feb7a2e47e1294b79879b440fe5bc8ad0d8c7563a6d4e1a0e2d31aa9424c009f9839
Static task: static1
Behavioral task: behavioral1 (Sample: qZ0RXW.exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: qZ0RXW.exe, Resource: win10v20201028)
Malware Config
Targets
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext