General
-
Target
skipper.exe
-
Size
1.1MB
-
Sample
210428-3qwfmvpg4n
-
MD5
dba8101da0c11a3026fbd7278f28f977
-
SHA1
0f17ce1e24adfe2386e6e25c68100749e5d79dbb
-
SHA256
83b897270a955267f21de7462bdbe05910e48825ef79cc8ae142713f925fb802
-
SHA512
f912e8a79c3a0275b57fd2b652fc92ccd5c7595ef329331f14a0529c109d7e72482ef98929a539b89516a972b8b455484a56d1ca20c5ba5dcea3b49c699b3a21
Static task
static1
Behavioral task
behavioral1
Sample
skipper.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
skipper.exe
Resource
win10v20210410
Malware Config
Extracted
redline
EUU
download3.info:80
Extracted
redline
1414
188.119.112.16:46409
Targets
-
-
Target
skipper.exe
-
Size
1.1MB
-
MD5
dba8101da0c11a3026fbd7278f28f977
-
SHA1
0f17ce1e24adfe2386e6e25c68100749e5d79dbb
-
SHA256
83b897270a955267f21de7462bdbe05910e48825ef79cc8ae142713f925fb802
-
SHA512
f912e8a79c3a0275b57fd2b652fc92ccd5c7595ef329331f14a0529c109d7e72482ef98929a539b89516a972b8b455484a56d1ca20c5ba5dcea3b49c699b3a21
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-