General
-
Target
954b39f45379c530b7f659d697c29ac7.exe
-
Size
487KB
-
Sample
210420-p5d9vnqnt2
-
MD5
954b39f45379c530b7f659d697c29ac7
-
SHA1
9fa7dcb754041cc878f6ca3a71581a04e3b23427
-
SHA256
301a510700f2ebccd25fc5cc6c579ead2196b957ed81aa3eda29c7bc40887c26
-
SHA512
aecda633e082d00a5d9989aad8e20e300372efdcdbe4f48991b7fb7f70079d7465f420c278167edf25656966c44ac03ab72c3f1aaa18962771bee63364e7a6d8
Malware Config
Extracted
redline
v113
45.150.67.141:8054
Targets
-
-
Target
954b39f45379c530b7f659d697c29ac7.exe
-
Size
487KB
-
MD5
954b39f45379c530b7f659d697c29ac7
-
SHA1
9fa7dcb754041cc878f6ca3a71581a04e3b23427
-
SHA256
301a510700f2ebccd25fc5cc6c579ead2196b957ed81aa3eda29c7bc40887c26
-
SHA512
aecda633e082d00a5d9989aad8e20e300372efdcdbe4f48991b7fb7f70079d7465f420c278167edf25656966c44ac03ab72c3f1aaa18962771bee63364e7a6d8
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext
-