General
Target: lilal1.exe
Size: 1.1MB
Sample: 210313-1nstrxmkse
MD5: 53491ccbc0a3cfea20af934cf4a460b4
SHA1: 2208a9d51224806826e0c9648c486ddcf16e1ddb
SHA256: 5d5c572bd9c5a93783e2fbd7c551b54570ab531df2b7d1b93758453c4124db03
SHA512: 87be88c619f97dfbbebac622bd89fc3be278b7ff5b62a4ab96b4fdb1323d227c07ab274c41383bf95672c00a29230ecb19afb6a09b7b62087ef684860f2e561b
Static task: static1
Behavioral task: behavioral1 (Sample: lilal1.exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: lilal1.exe, Resource: win10v20201028)
Malware Config
Targets
Target: lilal1.exe (Size: 1.1MB; MD5, SHA1, SHA256 and SHA512 identical to the values listed under General)
Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext