redline-stealer[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

redline-stealer.zip
Size

182KB
MD5

ef088862c48d25e9840afbaa8dd87f08
SHA1

7adb5f95b784f2b897231066c4fb39e69f8c6414
SHA256

714803da097f99ae3dd486138e8ec3ac512c102bdc638178cfdbf258662d7bac
SHA512

f161acb138a90c474c5c98bb2f00e02c764a1c58bd855f371baa46b333ae71e39ea5ada228fa7981d8997c45a5af2b6d2ac2eca0cb56c6066767148e13b007be
SSDEEP

3072:E91gxTzunKLn7jQAemxqO6tk0g3ww7k1I1pM1BPD8/dI0XT3YOF:Kexzjcmqk0Bw7kSaQlI07Yw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/b7c03edc3e71469262d5f654f771389c80f550780fdd09158f988605ff162488.exe

Files

redline-stealer.zip
.zip

Password: infected
b7c03edc3e71469262d5f654f771389c80f550780fdd09158f988605ff162488.exe
.exe windows:5 windows x86 arch:x86

Password: infected

eef73dcf0156189a0ea0d7fcf851eb31

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\rejumozuno_vugibacahap davig.pdb

Imports

kernel32

GetModuleHandleA
FoldStringA
InterlockedCompareExchange
OpenWaitableTimerW
CreateEventA
ReadConsoleInputW
WaitNamedPipeW
CommConfigDialogW
GetSystemTimeAdjustment
FindNextFileA
EnumResourceTypesW
GetModuleFileNameW
UpdateResourceA
LoadLibraryW
DeleteFileA
CopyFileW
VirtualAlloc
WriteConsoleOutputCharacterA
GetConsoleAliasW
GetShortPathNameA
GetPrivateProfileStringA
PeekConsoleInputA
GlobalGetAtomNameW
ReleaseActCtx
FindFirstChangeNotificationW
WritePrivateProfileStringA
EnumResourceNamesW
LockFile
CommConfigDialogA
lstrcpynA
AddAtomA
AllocConsole
GetLongPathNameA
GetSystemDefaultLCID
GetSystemDefaultLangID
GetProcessHandleCount
GetLastError
VirtualProtect
GlobalAlloc
SetFileShortNameW
GetVolumeNameForVolumeMountPointA
GetFileSizeEx
GetFileAttributesExW
SetComputerNameW
GetFileAttributesA
ReadConsoleA
GetVolumePathNameW
FindNextFileW
OpenJobObjectA
InitializeCriticalSection
GlobalWire
GetComputerNameW
GetVersionExA
GetProcAddress
LoadLibraryA
CreateFileA
CloseHandle
HeapAlloc
MultiByteToWideChar
RtlUnwind
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
HeapFree
VirtualFree
HeapReAlloc
HeapCreate
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetModuleFileNameA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
ReadFile
HeapSize
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

user32

ClientToScreen

advapi32

ClearEventLogA

msimg32

AlphaBlend

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

eef73dcf0156189a0ea0d7fcf851eb31

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

msimg32

Sections

.text Size: 95KB - Virtual size: 94KB

.data Size: 72KB - Virtual size: 82KB

.rsrc Size: 97KB - Virtual size: 97KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 95KB - Virtual size: 94KB

.data
Size: 72KB - Virtual size: 82KB

.rsrc
Size: 97KB - Virtual size: 97KB

.reloc
Size: 7KB - Virtual size: 7KB