General
-
Target
0e466b730016adff5bcf8b6abfdb5dc8.exe
-
Size
965KB
-
Sample
200630-cyllxsvw7j
-
MD5
0e466b730016adff5bcf8b6abfdb5dc8
-
SHA1
86b2e10d572be2c3d05a4b0fc3a2f441fd30d38b
-
SHA256
458d776a78396a0b2a3a7f2a66304e5ceb05038b50ad936cecaeba7c584807db
-
SHA512
fcac2b1c9028a093c522140312ada0d2f897e05c41a88d8c5e88eff9c732de2811ffbe4effd65cfedb5822e203149836fcf9299bece2edeafa3db799892cb01e
Malware Config
Targets
-
-
Target
0e466b730016adff5bcf8b6abfdb5dc8.exe
-
Size
965KB
-
MD5
0e466b730016adff5bcf8b6abfdb5dc8
-
SHA1
86b2e10d572be2c3d05a4b0fc3a2f441fd30d38b
-
SHA256
458d776a78396a0b2a3a7f2a66304e5ceb05038b50ad936cecaeba7c584807db
-
SHA512
fcac2b1c9028a093c522140312ada0d2f897e05c41a88d8c5e88eff9c732de2811ffbe4effd65cfedb5822e203149836fcf9299bece2edeafa3db799892cb01e
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks for installed software on the system
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Modifies system certificate store
-
Suspicious use of SetThreadContext
-