General
-
Target
d2f9b038e689ac9fc99352bd766690e4.exe
-
Size
190KB
-
Sample
210418-f246jvscan
-
MD5
d2f9b038e689ac9fc99352bd766690e4
-
SHA1
19380ac92419895626cc9b9d7b6ecdd183a81e30
-
SHA256
8b6be03e0a14f193dd33c6dfdc1a1c27d3d59044ea246b3a12eb4a7d790dd4ed
-
SHA512
0d9b801661eea6c0499b46e8acc929196bf8130d989bb4e5e8d94c19bef3412c4c43b9c232f462a4c28a90786c6af21bfd2d8d611e3b7820b5c7a01e668ce3eb
Malware Config
Targets
-
-
Target
d2f9b038e689ac9fc99352bd766690e4.exe
-
Size
190KB
-
MD5
d2f9b038e689ac9fc99352bd766690e4
-
SHA1
19380ac92419895626cc9b9d7b6ecdd183a81e30
-
SHA256
8b6be03e0a14f193dd33c6dfdc1a1c27d3d59044ea246b3a12eb4a7d790dd4ed
-
SHA512
0d9b801661eea6c0499b46e8acc929196bf8130d989bb4e5e8d94c19bef3412c4c43b9c232f462a4c28a90786c6af21bfd2d8d611e3b7820b5c7a01e668ce3eb
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-