General
- Target: Setup_x32_x64.exe
- Size: 3.1MB
- Sample: 210628-9yz2llm432
- MD5: 189831c84b7f83f15cf97daacf648049
- SHA1: db68f095ac383c2677ec4c627db60ffd481743ba
- SHA256: 90cb6542cde9c3f08f685a1618eb41006e1453452fdca346530412ffa5a9ac4c
- SHA512: 94546723125ae73a631ed776df220a3556bb85f5b7927594189794b7a4454d4df42533763a89c0c2f253e8953574a444565d00df3ae1b97f8b4fb80af1c63690
Static task
- static1
Behavioral task
- behavioral1: Sample Setup_x32_x64.exe, Resource win7v20210408
Behavioral task
- behavioral2: Sample Setup_x32_x64.exe, Resource win10v20210410
Malware Config
Extracted
- redline
- 18_6_bl_84s7
- qitoshalan.xyz:80
Targets
- Target: Setup_x32_x64.exe
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- autoit_exe: AutoIT scripts compiled to PE executables.