General
Target: SoftwareSetupFile.zip
Size: 2.6MB
Sample: 221210-jlqwvahh4x
MD5: 6d950418ea712ebff8290f4939121311
SHA1: ff5079593d900ec7fc195e9ded6c954e20f4df39
SHA256: 3e1235c95c85525f9a05d40d16e9deadd44bb8308baece9df565a19c1d616f68
SHA512: 572a3a98bc2e11b3394ffd3886fdb66d12933189fe96c94a1c88fbd0cd120c8803623b134cfee9f2d8028d297353822e6617c5807073c4a9eb4235e9c7279697
SSDEEP: 49152:L/I/ndwIs6mlYHNwrB5IePOxk/2ug2a8s/6dXch6ii3/thR:bEdw1wtQIemSlJsydXccL
Behavioral task: behavioral1
Sample: SoftwareSetupFile.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: SoftwareSetupFile.exe
Resource: win10v2004-20220901-en
Malware Config
Extracted
redline
slabo krutish 2
78.47.191.142:63772
auth_value: f65ad1dc3b50bd274e38a201f0121669
Targets
Target: SoftwareSetupFile.exe
Size: 700.0MB
MD5: 49f4a57a1ad2255b9474257e34f1f204
SHA1: e6b336ba67764b9837c035bce8366638ea542b77
SHA256: f1486af3d0f89ddc4482a900740fe5716bf9b99021b77e9e41ea70f106d6f63c
SHA512: 4e56dace8194752a557faa27b4a7c9ba273cbea6b8b1806d1a0b96376b34a3170b313a1f44ead6dbb528eb640e99b8b568e35ebbf058bba632926496ca5433c4
SSDEEP: 196608:MpwRaY3FAaKEY2zyJ93w5DckiRi66MUZuBgVneTvcwH+pv5hxDtVQKwnl2/2hwn3:r
Score: 10/10

RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Accesses cryptocurrency files/wallets, possible credential harvesting
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext