General
-
Target
MAN.rar
-
Size
1.4MB
-
Sample
210730-flyceenazx
-
MD5
afa10ee13619324df9355fc2ce468946
-
SHA1
0fe5a112341b05f579ed097163953ddd165e7951
-
SHA256
06cce4b7854749f9aecb85698eabfb3cee76b37fd345c97ba5071c2bb3978193
-
SHA512
90b4df36362b3e3a5b061580cbc723bf7eb0997ff5de08908a3b18d9ce2c66f558c5d47d989303f6904b4ab24cbd6be782df68b4084f36de19a5a198a1a53475
Malware Config
Extracted
redline
mastif
91.121.146.23:9519
Targets
-
-
Target
MAN/Engine.js
-
Size
870KB
-
MD5
62ef5e3b94fef67f046b99b587fe013e
-
SHA1
5f36e3fb609a35f405ade92982b7205111dabc63
-
SHA256
125949ad84b6dff236614a3ef542f2a814b1024385fa9f9d64eb2403fd4b26fc
-
SHA512
06654013becdf9e20479bf3140bc57b1dce5ef5d1512749b61539318be00fc384cbb80f0aa3e69b8d9f3fe4cc0e4c08f7504fde6d654b0bc0c2086349cf934fb
Score1/10 -
-
-
Target
MAN/Installer.exe
-
Size
1.6MB
-
MD5
8a1995805ad65999ec546a1074ac9887
-
SHA1
11d5589ca5ebb127ea57b89ee5da89e0b64fa4c6
-
SHA256
2040517dac0b553d4a589bb8c14ca4329022e0ce5e5d0ef0f2c08a2deb10fb5b
-
SHA512
cad4e187956e4db24d291ea725caf89439440eb97ebe9fa76438b76ada66ecc01a4143bf688c6506ec5148c79338e7f581305d2cb8ad17552c558c62706ae777
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine Payload
-
CustAttr .NET packer
Detects CustAttr .NET packer in memory.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
-
-
Target
MAN/xNet.dll
-
Size
2.9MB
-
MD5
0a56659cff9731c30ce87968cac0ef23
-
SHA1
4fdef03ec3da0a74ec89e369df486035a4995c6d
-
SHA256
ac5f7131a15c02620676ff6dc89ba6485bbe88aadd244d297586b438ce13c811
-
SHA512
6653a3b51518ec0c611ca8fa639d49747dd8cd03622358f10f48c82b41b6dad840047ed72a09a74ecf94e2ddd5e813bbe76cbdc916d3e5a65d63f816e00f3039
Score1/10 -