Sample name: | 6RE1Z857ae.exerenamed because original name is a hash value |
Original sample name: | 3a1085797ca3089008cb2b51d2fcdc84.exe |
Analysis ID: | 1534363 |
MD5: | 3a1085797ca3089008cb2b51d2fcdc84 |
SHA1: | f5ea90ec6ad07f137c058ef2874dbd3a1b444f95 |
SHA256: | 8fc221b7c8e3f52f22841c866cf0d842f2a1266e79b472273766ce1704474499 |
Tags: | exeRedLineStealeruser-abuse_ch |
Infos: | |
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
RedLine Stealer | RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer. | No Attribution |
|
AV Detection |
---|
Source: |
Avira: |
Source: |
Malware Configuration Extractor: |
Source: |
ReversingLabs: |
||
Source: |
ReversingLabs: |
||
Source: |
ReversingLabs: |
||
Source: |
ReversingLabs: |
Source: |
ReversingLabs: |
Source: |
Integrated Neural Analysis Model: |
Source: |
Joe Sandbox ML: |
||
Source: |
Joe Sandbox ML: |
Source: |
Joe Sandbox ML: |
Source: |
Static PE information: |
Source: |
File created: |
Jump to behavior |
Source: |
Static PE information: |
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
||
Source: |
Binary string: |
Source: |
Code function: |
0_2_05F33928 | |
Source: |
Code function: |
0_2_05F33918 | |
Source: |
Code function: |
0_2_05F33A1C | |
Source: |
Code function: |
0_2_06B66C90 | |
Source: |
Code function: |
0_2_06B66C80 | |
Source: |
Code function: |
12_2_05273928 | |
Source: |
Code function: |
12_2_05273918 | |
Source: |
Code function: |
12_2_05273A1C | |
Source: |
Code function: |
12_2_06036C90 | |
Source: |
Code function: |
12_2_06036C80 | |
Source: |
Code function: |
16_2_05BFAE40 | |
Source: |
Code function: |
16_2_05BFAF28 | |
Source: |
Code function: |
16_2_05BFC218 | |
Source: |
Code function: |
16_2_05BFAE3B | |
Source: |
Code function: |
16_2_05BFC218 | |
Source: |
Code function: |
20_2_055D3918 | |
Source: |
Code function: |
20_2_055D3928 | |
Source: |
Code function: |
20_2_055D3A1C | |
Source: |
Code function: |
20_2_064D6C90 | |
Source: |
Code function: |
20_2_064D6C80 |
Networking |
---|
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
||
Source: |
Suricata IDS: |
Source: |
URLs: |
Source: |
Bad PDF prefix: |