General
Target: 1cb84d9bebb65cd72ed36cef22e59b8c
Size: 485KB
Sample: 210714-smzr5gl166
MD5: 1cb84d9bebb65cd72ed36cef22e59b8c
SHA1: 5c76d0b4d2b723e7d757a539e3f9e257c11162ef
SHA256: fb58621fe07c9c86655bd41a9e643fd98f1d3f0aad7fcc3a39f6c83421ebacac
SHA512: 50af1279252f4afa12a13a73f78d55330fed0121a38942218ca4f8f50ff964000c35f8002f051d0f25925ac763745036582e42ff3097fbe51d946ad43a0b4b0e
Static task: static1
Behavioral task: behavioral1
Sample: 1cb84d9bebb65cd72ed36cef22e59b8c.exe
Resource: win7v20210408
Behavioral task: behavioral2
Sample: 1cb84d9bebb65cd72ed36cef22e59b8c.exe
Resource: win10v20210410
Malware Config
Extracted: redline
ynabrdosmc.xyz:80
Targets
Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator: Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext