General
-
Target
5bf8730e87830aa2c1727cb50de3b9f7.exe
-
Size
193KB
-
Sample
210418-swq921pr16
-
MD5
5bf8730e87830aa2c1727cb50de3b9f7
-
SHA1
e1bd4c89b0f3bbc4e43dacbf956108f7d67d5c15
-
SHA256
51e48b45ee8d8d7ed18971b8f904f45e8b19b588f9291587f8933bcd8b5d1105
-
SHA512
9b1109f9714179d4826d7c766852c994cea78f6797c6a3759f61e05505fd0241c6b3090256a2d9e0807126ca5a51afe0cb5d283519cfb177452b485cc3c4c85a
Static task
static1
Behavioral task
behavioral1
Sample
5bf8730e87830aa2c1727cb50de3b9f7.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
5bf8730e87830aa2c1727cb50de3b9f7.exe
Resource
win10v20210408
Malware Config
Targets
-
-
Target
5bf8730e87830aa2c1727cb50de3b9f7.exe
-
Size
193KB
-
MD5
5bf8730e87830aa2c1727cb50de3b9f7
-
SHA1
e1bd4c89b0f3bbc4e43dacbf956108f7d67d5c15
-
SHA256
51e48b45ee8d8d7ed18971b8f904f45e8b19b588f9291587f8933bcd8b5d1105
-
SHA512
9b1109f9714179d4826d7c766852c994cea78f6797c6a3759f61e05505fd0241c6b3090256a2d9e0807126ca5a51afe0cb5d283519cfb177452b485cc3c4c85a
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-