General
Target: 7bcd22e964544f14d0b786e95aa887a45316e81892723aebd95d7cca57bf0529
Size: 1010KB
Sample: 220427-vmkxrsabbm
MD5: 9f1ce9c287893dd64fd52636ca6b8633
SHA1: 8eabaaddd2ba0a07e9e1df042ab951f7f311ecda
SHA256: 7bcd22e964544f14d0b786e95aa887a45316e81892723aebd95d7cca57bf0529
SHA512: e625ee5f29a78796c20c93fdc7c078c8e82053b2dd21bb50975ee616bcab70419128eedcc4447e77c221e49c839da53fcb4117fd1496da33a244ba1c3481c564
Static task: static1
Behavioral task: behavioral1
  Sample: 7bcd22e964544f14d0b786e95aa887a45316e81892723aebd95d7cca57bf0529.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 7bcd22e964544f14d0b786e95aa887a45316e81892723aebd95d7cca57bf0529.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted
Family: redline
C2: xeligaean.xyz:80
Targets
Target: 7bcd22e964544f14d0b786e95aa887a45316e81892723aebd95d7cca57bf0529
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of SetThreadContext