This report is for information purposes only. The malware samples used in this report are real malicious software and should be handled by professionals in a safe environment. The author of this blog post is not responsible for any damage otherwise. The author does not endorse any product or service referenced or used during analysis.
Malware Family: RedLineStealer
Sample file: Link
SHA256: 562b48015b238c92691603ad4f135142e74de037e9da68138d425d0e84d1f579
File Type: PE32
Target OS: Windows
Testing Environment:
This is a 32-bit Windows executable written in C.
PEiD shows that the virtual and raw sizes of its sections are not far apart, so the size ratio alone does not suggest packing.
DiE, however, shows that the .text section is packed: its entropy is above 7, which is characteristic of compressed or encrypted data rather than plain compiled C code.
Compiler timestamp: Sun May 23 08:22:29 2021
Debugger timestamp: Thu Nov 11 07:21:19 2021
(PE header timestamps are set by whoever builds the file and can be forged, so they are indicators, not proof.)
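The two static checks above (section size ratio and section entropy) are easy to reproduce without PEiD or DiE. The script below is an added example, not code from the original post: it reads the PE file header (machine type and TimeDateStamp) and the section table directly with `struct`, computes Shannon entropy per section, and flags a section as suspicious on either signal, so a packed .text whose sizes look normal is still caught. The thresholds (7.0 bits/byte, 1.5x virtual-to-raw ratio) and the `build_minimal_pe` helper, which constructs a synthetic PE32 so the parser can be exercised offline, are assumptions of this example.

```python
import math
import struct
from collections import Counter
from datetime import datetime, timezone

# Heuristic thresholds (assumptions for this example, not from the original post):
# compressed or encrypted code usually sits above ~7 bits/byte, and a section whose
# virtual size greatly exceeds its raw size is filled in at runtime by an unpacker.
ENTROPY_THRESHOLD = 7.0
SIZE_RATIO_THRESHOLD = 1.5


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 up to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_pe(blob: bytes) -> dict:
    """Minimal PE reader: machine type, TimeDateStamp and per-section statistics."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", blob, 0x3C)[0]          # e_lfanew
    if blob[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = pe_off + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes)
    machine, nsec, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, coff)
    sections = []
    for i in range(nsec):
        off = coff + 20 + opt_size + 40 * i                   # IMAGE_SECTION_HEADER is 40 bytes
        name, vsize, _vaddr, rsize, rptr = struct.unpack_from("<8sIIII", blob, off)
        raw = blob[rptr:rptr + rsize]
        ent = shannon_entropy(raw)
        ratio = vsize / rsize if rsize else float("inf")
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": rsize,
            "entropy": round(ent, 3),
            "size_ratio": round(ratio, 3),
            # Flag on either signal: high entropy catches packed code even when the
            # virtual and raw sizes agree, which is exactly the PEiD vs DiE disagreement.
            "suspicious": ent > ENTROPY_THRESHOLD or ratio > SIZE_RATIO_THRESHOLD,
        })
    return {
        "is_32bit": machine == 0x14C,                         # IMAGE_FILE_MACHINE_I386
        "timestamp_utc": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "sections": sections,
    }


def build_minimal_pe(section_data: bytes, stamp: int, virtual_size=None) -> bytes:
    """Constructed PE32 image with a single .text section, for offline testing only."""
    opt_size = 0xE0                                           # size of a PE32 optional header
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))               # e_lfanew points right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, stamp, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                     # PE32 magic
    raw_ptr = len(dos) + 4 + 20 + opt_size + 40               # section data follows the section table
    vsize = len(section_data) if virtual_size is None else virtual_size
    sec = struct.pack("<8sIIIIIIHHI", b".text", vsize, 0x1000, len(section_data),
                      raw_ptr, 0, 0, 0, 0, 0x60000020)        # CODE | EXECUTE | READ
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec + section_data


if __name__ == "__main__":
    import sys
    # Pass a real sample path; with no argument a constructed high-entropy PE is analysed.
    if len(sys.argv) > 1:
        blob = open(sys.argv[1], "rb").read()
    else:
        blob = build_minimal_pe(bytes(range(256)) * 16, 1621758149)
    report = parse_pe(blob)
    print("32-bit:", report["is_32bit"], " TimeDateStamp (UTC):", report["timestamp_utc"])
    for s in report["sections"]:
        print(f"{s['name']:8} vsize={s['virtual_size']:#x} rsize={s['raw_size']:#x} "
              f"ratio={s['size_ratio']} entropy={s['entropy']} suspicious={s['suspicious']}")
```

Run it as `python pe_sections.py sample.exe` inside the analysis VM. A .text section with entropy close to 8 alongside a size ratio near 1.0 is the pattern described above: the code bytes are compressed or encrypted in place rather than expanded at load time, so tools that only compare sizes will miss it.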
During dynamic analysis, Procmon shows failed attempts to open files in the same directory as the malicious executable. These are likely companion files that the sample expects to find next to itself and that were not included with the submission.
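Pulling those candidate companion files out of a Procmon trace can be automated from a CSV export. The script below is an added example, not part of the original analysis: it filters Procmon's "Save as CSV" output (default columns Time of Day, Process Name, PID, Operation, Path, Result, Detail) for file-open operations by the sample's process that ended in NAME NOT FOUND or PATH NOT FOUND and whose path sits in the sample's own directory. The trace rows, the process name `sample.exe` and the directory `C:\Lab` are constructed for this example and are not from the real trace.

```python
import csv
import io
from pathlib import PureWindowsPath

# Constructed Procmon CSV export (not from the original analysis). The column layout
# matches Procmon's "Save as CSV" default. Only the rows for C:\Lab\config.bin and
# C:\Lab\helper.dll should be reported: the System32 miss is outside the sample's
# directory, and the explorer.exe miss belongs to another process.
SAMPLE_CSV = """\
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"07:21:19.0000001 AM","sample.exe","4120","CreateFile","C:\\Lab\\sample.exe","SUCCESS","Desired Access: Read"
"07:21:19.0000002 AM","sample.exe","4120","CreateFile","C:\\Lab\\config.bin","NAME NOT FOUND","Desired Access: Read"
"07:21:19.0000003 AM","sample.exe","4120","CreateFile","C:\\Lab\\helper.dll","NAME NOT FOUND","Desired Access: Read"
"07:21:19.0000004 AM","sample.exe","4120","CreateFile","C:\\Windows\\System32\\kernel32.dll","SUCCESS","Desired Access: Read"
"07:21:19.0000005 AM","sample.exe","4120","CreateFile","C:\\Windows\\System32\\nonexistent.dll","NAME NOT FOUND","Desired Access: Read"
"07:21:19.0000006 AM","sample.exe","4120","QueryOpen","C:\\Lab\\config.bin","NAME NOT FOUND",""
"07:21:19.0000007 AM","explorer.exe","1234","CreateFile","C:\\Lab\\notes.txt","NAME NOT FOUND","Desired Access: Read"
"""

# Procmon result strings for a missing file or a missing parent directory.
NOT_FOUND_RESULTS = {"NAME NOT FOUND", "PATH NOT FOUND"}
# Operations that correspond to the sample trying to open or probe a file.
FILE_OPEN_OPERATIONS = {"CreateFile", "QueryOpen"}


def missing_companion_files(csv_text: str, process_name: str, sample_dir: str) -> list:
    """Return the sorted, de-duplicated file names that `process_name` tried to open
    in `sample_dir` and that did not exist, according to a Procmon CSV export."""
    sample_dir_path = PureWindowsPath(sample_dir)
    missing = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Process Name"].lower() != process_name.lower():
            continue
        if row["Operation"] not in FILE_OPEN_OPERATIONS:
            continue
        if row["Result"] not in NOT_FOUND_RESULTS:
            continue
        path = PureWindowsPath(row["Path"])
        # PureWindowsPath compares case-insensitively, matching NTFS behaviour.
        if path.parent == sample_dir_path:
            missing.add(path.name)
    return sorted(missing)


if __name__ == "__main__":
    import sys
    # Usage: python companion_files.py <procmon-export.csv> <process name> <sample dir>
    if len(sys.argv) == 4:
        text = open(sys.argv[1], encoding="utf-8-sig").read()   # Procmon writes a BOM
        names = missing_companion_files(text, sys.argv[2], sys.argv[3])
    else:
        names = missing_companion_files(SAMPLE_CSV, "sample.exe", "C:\\Lab")
    for name in names:
        print(name)
```

Each name the script reports is worth checking against the sample's strings and import table: a missing DLL next to the executable can mean a dropped or side-loaded component that never made it into the sample set, while a missing data file often points to an encrypted configuration or a second stage.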
On VirusTotal, 50 out of 68 vendors flag this file as malicious.
Here is a list of online sandboxes and their reports: