Overview

overview

10

Static

static

4a136b737d...75.exe

windows7_x64

10

4a136b737d...75.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4a136b737d9e08d4d04f661f050447f5a2ef4c2d1834e434f3bcaf2b85526175

  • Size

    529KB

  • Sample

    220712-r2cyxsedaq

  • MD5

    054daf924a5537dea562d6b1bea7ebd7

  • SHA1

    5ca2df89fa45d5fe8544033cad2e5116417761b6

  • SHA256

    4a136b737d9e08d4d04f661f050447f5a2ef4c2d1834e434f3bcaf2b85526175

  • SHA512

    a118c2a0d4056d611c90d9c16bafde79799afdba01adcf905c8c044facf78ed36e630e6bda8323c23a7331a14cf15a2a3c9226fb3e559e466896123c025b8e25

Score
10/10
redlinefullynewagilenetinfostealer

Malware Config

Extracted

Family

redline

Botnet

fullynew

C2

rlmushahel.xyz:80

Targets

    • Target

      4a136b737d9e08d4d04f661f050447f5a2ef4c2d1834e434f3bcaf2b85526175

    • Size

      529KB

    • MD5

      054daf924a5537dea562d6b1bea7ebd7

    • SHA1

      5ca2df89fa45d5fe8544033cad2e5116417761b6

    • SHA256

      4a136b737d9e08d4d04f661f050447f5a2ef4c2d1834e434f3bcaf2b85526175

    • SHA512

      a118c2a0d4056d611c90d9c16bafde79799afdba01adcf905c8c044facf78ed36e630e6bda8323c23a7331a14cf15a2a3c9226fb3e559e466896123c025b8e25

    Score
    10/10
    redlinefullynewagilenetinfostealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks