General
-
Target
mixazed_20210714-142936
-
Size
169KB
-
Sample
210714-t9jvjch372
-
MD5
11475543f216029a47d391a4074863b1
-
SHA1
0f0ea4f0120d434579c67ecb8a2dc29b876fa932
-
SHA256
fffbb8e330ddafa3497f954ac5b5c6998f2ff0a9c1fb8a26ea28eed13401698d
-
SHA512
48b1b53d049fa3c7dbf213d0dd80dfa9b81c9ebafdae1fdb671f304e2fc3f2296bbedb3b5763f2d98731d7d76380496c7ea099e1b465d4e9579187c52267dc05
Malware Config
Extracted
redline
GAP
185.215.113.35:23276
Targets
-
-
Target
mixazed_20210714-142936
-
Size
169KB
-
MD5
11475543f216029a47d391a4074863b1
-
SHA1
0f0ea4f0120d434579c67ecb8a2dc29b876fa932
-
SHA256
fffbb8e330ddafa3497f954ac5b5c6998f2ff0a9c1fb8a26ea28eed13401698d
-
SHA512
48b1b53d049fa3c7dbf213d0dd80dfa9b81c9ebafdae1fdb671f304e2fc3f2296bbedb3b5763f2d98731d7d76380496c7ea099e1b465d4e9579187c52267dc05
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-