General
- Target: Run.exe
- Size: 162KB
- Sample: 210717-rlby16h9sj
- MD5: fda22da8bf91b9df75088e136961abd5
- SHA1: 30497f7bfb005e7658f391aa9c6e90978ba5d4e6
- SHA256: e3c1577eac697afa0ab7f2d0eb8128fd75c69fc87c40f3f0f058532aa85a3d3b
- SHA512: 77bb2cd443fcf0f12f521eec6f325fcb24bed4af482e13ae33e4ae8c01f8055fbc8b1f7a3a177f3af0d8a73d34794ee4aaaad8a6e33b84d0cf86ddfbc4be5677
- Static task: static1
- Behavioral task: behavioral1
  - Sample: Run.exe
  - Resource: win7v20210408
Malware Config
- Extracted family: redline
- Botnet: pushka
- C2: 95.217.123.66:1835
Targets
- Run.exe (162KB; same hashes as listed under General)
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext