General

Target: Red Line Soft.rar
Size: 527KB
Sample: 210716-ksz3gecrga
MD5: 91d1ae331024c5f13b1686cec2ead25c
SHA1: 0ef0bd2f3fefd6b1516d12831358ce31b63452b3
SHA256: 77cba36284c468fdfc23b0c5d942c2465c9ecd5736301d9bc07ac89797561e20
SHA512: 1b23971d4b46470fc248a9763ed34bcbecb86413851cf5409d30d63a0bf69d341b2409f602d039b3b9bb097edef3929566dba17568637d684effc56bcd2f03aa

Static task: static1

Behavioral task: behavioral1
Sample: Red Line Soft/Run.exe
Resource: win7v20210408

Behavioral task: behavioral2
Sample: Red Line Soft/Run.exe
Resource: win10v20210410

Malware Config
Extracted
redline
pushka
95.217.123.66:1835
Targets

Target: Red Line Soft/Run.exe
Size: 162KB
MD5: fda22da8bf91b9df75088e136961abd5
SHA1: 30497f7bfb005e7658f391aa9c6e90978ba5d4e6
SHA256: e3c1577eac697afa0ab7f2d0eb8128fd75c69fc87c40f3f0f058532aa85a3d3b
SHA512: 77bb2cd443fcf0f12f521eec6f325fcb24bed4af482e13ae33e4ae8c01f8055fbc8b1f7a3a177f3af0d8a73d34794ee4aaaad8a6e33b84d0cf86ddfbc4be5677
Score: 10/10

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.

RedLine Payload

Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

Suspicious use of SetThreadContext