General
-
Target
297976d069d3366a587c6de27aec29f2b729872d199a7e437ced83c4f1bb5c9f-20210421-122257
-
Size
1.3MB
-
Sample
210421-kkmejx9q3e
-
MD5
5117da426fe56ffdde2c13745ff6b46b
-
SHA1
9327d4fd989a2f3681043af4c7809e0e693bd929
-
SHA256
297976d069d3366a587c6de27aec29f2b729872d199a7e437ced83c4f1bb5c9f
-
SHA512
53e1328a253cdf2d9298a0055e85ceb8a7d37e901a5eb5a679453a6fc6bf3496025edd2c73fb5edb3721a53bf02ccf44edfc09068a43a60ba2ced6d4e8b5de26
Static task
static1
Behavioral task
behavioral1
Sample
297976d069d3366a587c6de27aec29f2b729872d199a7e437ced83c4f1bb5c9f-20210421-122257.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
297976d069d3366a587c6de27aec29f2b729872d199a7e437ced83c4f1bb5c9f-20210421-122257.exe
Resource
win10v20210410
Malware Config
Extracted
redline
45.139.236.56:8734
Targets
-
-
Target
297976d069d3366a587c6de27aec29f2b729872d199a7e437ced83c4f1bb5c9f-20210421-122257
-
Size
1.3MB
-
MD5
5117da426fe56ffdde2c13745ff6b46b
-
SHA1
9327d4fd989a2f3681043af4c7809e0e693bd929
-
SHA256
297976d069d3366a587c6de27aec29f2b729872d199a7e437ced83c4f1bb5c9f
-
SHA512
53e1328a253cdf2d9298a0055e85ceb8a7d37e901a5eb5a679453a6fc6bf3496025edd2c73fb5edb3721a53bf02ccf44edfc09068a43a60ba2ced6d4e8b5de26
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-