RedLine_Stealer[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

RedLine_Stealer.zip
Size

7.2MB
MD5

f5610c0dac2679d141ebfd5dd040427a
SHA1

e04a8656928ca3b5ea6205d07e55a7205987beff
SHA256

4226bc2aecc7f4535a1ad2f2b537a500800ecc3eda775b5fb6b98b854ceb638b
SHA512

2b37f199170149c0ec1ace8ec5221ead3e55805c8ea28c1990744878a1e2ce06369fabd6f50dab961ea2edf7406ce2524a986833b5356b67594eb1a350a8158c
SSDEEP

196608:xN3ynBGHTFakW17zH0QyKvf4ExZn43rPGw7uSLdF92Xb8zNQ2b:xICakAznrnZmFqm2Xb8zJb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/549215a7b9832f2cdb44be0692842ee2bf3042a84073e53d1081ca2663db37ba

Files

RedLine_Stealer.zip
.zip

Password: infectedinfected
549215a7b9832f2cdb44be0692842ee2bf3042a84073e53d1081ca2663db37ba
.exe windows:4 windows x86

Password: infectedinfected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 7.1MB - Virtual size: 7.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ