General
- Target: a6e4eec7ef49b926110b1efab80952188556941a03622b3b7d4b0d913968d992.zip
- Size: 516KB
- Sample: 210719-pphscx1d8s
- MD5: 7c053c13e32235318be383c769ddcba5
- SHA1: 37c6ac98546d9ba4379b154818b916603d7f4a69
- SHA256: ed339f2e28e0db99f145106d84d9988a155bc532f86a4277b03866f471216c1f
- SHA512: d9c01d9241c1f141b1ef4f2572f67ca92c2f8ee203d84d1aaecab1800c591593d5621bf201789507b296f5354655d61de14bdd0fd519948f5d87f0b3b568b517
Static task
- static1

Behavioral task
- behavioral1
- Sample: a6e4eec7ef49b926110b1efab80952188556941a03622b3b7d4b0d913968d992.exe
- Resource: win7v20210408

Behavioral task
- behavioral2
- Sample: a6e4eec7ef49b926110b1efab80952188556941a03622b3b7d4b0d913968d992.exe
- Resource: win10v20210410
Malware Config
Extracted
redline
@design_stalkar
137.74.76.180:52028
Targets
- Target: a6e4eec7ef49b926110b1efab80952188556941a03622b3b7d4b0d913968d992
- Size: 694KB
- MD5: de43536d975cba211d34a470437871e8
- SHA1: dc06854adcfb4e9ac801f1497419ae9f7a2a4945
- SHA256: a6e4eec7ef49b926110b1efab80952188556941a03622b3b7d4b0d913968d992
- SHA512: bb368cbf296fd1a87e10166d29af2c694795bf22d75cd9621a55317a94e689e42117669797d37b7f58fe133d1903f83be7093589282e03f590e5df9f94b4ec49
- Score: 10/10
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
- Suspicious use of SetThreadContext