redline

General

Target

8ED81EFA02F6F7699BB91E256E58E13B.exe
Size

1.2MB
Sample

210726-vqpl5qsdlj
MD5

8ed81efa02f6f7699bb91e256e58e13b
SHA1

3f90a6ae77c7270beb54c2040c73a2541ba07b3d
SHA256

482321570b1fc0a7bfb77d4cf59efc3762b79033956cb146e345b07dca1549d1
SHA512

5d5d22a1bee9d4778d3e4eec6c011548765c18265a98cc842afdb276b84c6ce78110a7ecd715e5af00aa937692871c5ed658f0a9ec0c117f5e24ade7e54b458c

Score

10^/10

Malware Config

Targets

- Target
  
  8ED81EFA02F6F7699BB91E256E58E13B.exe
- Size
  
  1.2MB
- MD5
  
  8ed81efa02f6f7699bb91e256e58e13b
- SHA1
  
  3f90a6ae77c7270beb54c2040c73a2541ba07b3d
- SHA256
  
  482321570b1fc0a7bfb77d4cf59efc3762b79033956cb146e345b07dca1549d1
- SHA512
  
  5d5d22a1bee9d4778d3e4eec6c011548765c18265a98cc842afdb276b84c6ce78110a7ecd715e5af00aa937692871c5ed658f0a9ec0c117f5e24ade7e54b458c
Score

10^/10

redline discovery infostealer spyware stealer suricata
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- suricata: ET MALWARE Arechclient2 Backdoor CnC Init
  suricata
- suricata: ET MALWARE JS/Nemucod requesting EXE payload 2016-02-01
  suricata
- suricata: ET MALWARE JS/Nemucod.M.gen downloading EXE payload
  suricata
- Downloads MZ/PE file
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2