General
Target: 38920e6f3a9c5908e9360388f0aa1f65b8e3df46849d758db7e1cdbf84727e3f.exe
Size: 1.1MB
Sample: 210321-z3aj65x8vn
MD5: f5366963764901262499c8021333f986
SHA1: e57b794220e7a6184614ccd4a6ddcf99de7e0717
SHA256: 38920e6f3a9c5908e9360388f0aa1f65b8e3df46849d758db7e1cdbf84727e3f
SHA512: 84cde9fd4846e839fee7171546c76253c321af4bc619e2b0b4830077b9d966251e36217f60c6da6c31258770fbf71284a1896a7bc5b388c609ebf18be9c048d6
Static task: static1
Behavioral task: behavioral1
  Sample: 38920e6f3a9c5908e9360388f0aa1f65b8e3df46849d758db7e1cdbf84727e3f.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: 38920e6f3a9c5908e9360388f0aa1f65b8e3df46849d758db7e1cdbf84727e3f.exe
  Resource: win10v20201028
Malware Config
Targets
Target: 38920e6f3a9c5908e9360388f0aa1f65b8e3df46849d758db7e1cdbf84727e3f.exe
Score: 10/10
Signatures:
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext