redline | 297976d069d3366a587c6de27aec29f2b729872d199a7e437ced83c4f1bb5c9f | Triage

Submit
Reports

Overview

overview

Static

static

297976d069...57.exe

windows7_x64

297976d069...57.exe

windows10_x64

Sharing

General

Target

297976d069d3366a587c6de27aec29f2b729872d199a7e437ced83c4f1bb5c9f-20210421-122257
Size

1.3MB
Sample

210421-kkmejx9q3e
MD5

5117da426fe56ffdde2c13745ff6b46b
SHA1

9327d4fd989a2f3681043af4c7809e0e693bd929
SHA256

297976d069d3366a587c6de27aec29f2b729872d199a7e437ced83c4f1bb5c9f
SHA512

53e1328a253cdf2d9298a0055e85ceb8a7d37e901a5eb5a679453a6fc6bf3496025edd2c73fb5edb3721a53bf02ccf44edfc09068a43a60ba2ced6d4e8b5de26

Score

10^/10

redline agilenet infostealer spyware

Static task

static1

Behavioral task

behavioral1

Sample

297976d069d3366a587c6de27aec29f2b729872d199a7e437ced83c4f1bb5c9f-20210421-122257.exe

Resource

win7v20210408

redline agilenet infostealer spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

297976d069d3366a587c6de27aec29f2b729872d199a7e437ced83c4f1bb5c9f-20210421-122257.exe

Resource

win10v20210410

redline agilenet infostealer spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

redline

C2

45.139.236.56:8734

Targets

- Target
  
  297976d069d3366a587c6de27aec29f2b729872d199a7e437ced83c4f1bb5c9f-20210421-122257
- Size
  
  1.3MB
- MD5
  
  5117da426fe56ffdde2c13745ff6b46b
- SHA1
  
  9327d4fd989a2f3681043af4c7809e0e693bd929
- SHA256
  
  297976d069d3366a587c6de27aec29f2b729872d199a7e437ced83c4f1bb5c9f
- SHA512
  
  53e1328a253cdf2d9298a0055e85ceb8a7d37e901a5eb5a679453a6fc6bf3496025edd2c73fb5edb3721a53bf02ccf44edfc09068a43a60ba2ced6d4e8b5de26
Score

10^/10

redline agilenet infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlineagilenetinfostealerspyware

behavioral2

redlineagilenetinfostealerspyware

© 2018-2024

Terms | Privacy