General
Target: 5019147cf69ca2afab432c034842583b.exe
Size: 1.3MB
Sample: 210323-3ygyqkhnr6
MD5: 5019147cf69ca2afab432c034842583b
SHA1: f9cb87e2fc98d1eb56481245d8546578486fdadd
SHA256: 377d26a6588706b8cfe01190404beffb8ef5331e0bc5fe629cfd0683d590dd0b
SHA512: 91c7ce80cb528d0e8fb4bae7f8dd9adc7a191dff1527dead074e94082c9414cc93b609bc0206272e413a2bc227456fcbeaa65b342fbd14a747faf672aff8f1b4
Static task: static1
Behavioral task: behavioral1
Sample: 5019147cf69ca2afab432c034842583b.exe
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 5019147cf69ca2afab432c034842583b.exe
Resource: win10v20201028
Malware Config
Targets
Target: 5019147cf69ca2afab432c034842583b.exe
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext