General

  • Target: Red Line Soft.rar
  • Size: 527KB
  • Sample: 210716-ksz3gecrga
  • MD5: 91d1ae331024c5f13b1686cec2ead25c
  • SHA1: 0ef0bd2f3fefd6b1516d12831358ce31b63452b3
  • SHA256: 77cba36284c468fdfc23b0c5d942c2465c9ecd5736301d9bc07ac89797561e20
  • SHA512: 1b23971d4b46470fc248a9763ed34bcbecb86413851cf5409d30d63a0bf69d341b2409f602d039b3b9bb097edef3929566dba17568637d684effc56bcd2f03aa

Malware Config

Extracted

  • Family: redline
  • Botnet: pushka
  • C2: 95.217.123.66:1835

Targets

    • Target: Red Line Soft/Run.exe
    • Size: 162KB
    • MD5: fda22da8bf91b9df75088e136961abd5
    • SHA1: 30497f7bfb005e7658f391aa9c6e90978ba5d4e6
    • SHA256: e3c1577eac697afa0ab7f2d0eb8128fd75c69fc87c40f3f0f058532aa85a3d3b
    • SHA512: 77bb2cd443fcf0f12f521eec6f325fcb24bed4af482e13ae33e4ae8c01f8055fbc8b1f7a3a177f3af0d8a73d34794ee4aaaad8a6e33b84d0cf86ddfbc4be5677

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Suspicious use of SetThreadContext
