redline | 3e1235c95c85525f9a05d40d16e9deadd44bb8308baece9df565a19c1d616f68 | Triage

Submit
Reports

Overview

overview

Static

static

7

SoftwareSetupFile.exe

windows7-x64

7

SoftwareSetupFile.exe

windows10-2004-x64

Sharing

General

Target

SoftwareSetupFile.zip
Size

2.6MB
Sample

221210-jlqwvahh4x
MD5

6d950418ea712ebff8290f4939121311
SHA1

ff5079593d900ec7fc195e9ded6c954e20f4df39
SHA256

3e1235c95c85525f9a05d40d16e9deadd44bb8308baece9df565a19c1d616f68
SHA512

572a3a98bc2e11b3394ffd3886fdb66d12933189fe96c94a1c88fbd0cd120c8803623b134cfee9f2d8028d297353822e6617c5807073c4a9eb4235e9c7279697
SSDEEP

49152:L/I/ndwIs6mlYHNwrB5IePOxk/2ug2a8s/6dXch6ii3/thR:bEdw1wtQIemSlJsydXccL

Score

10^/10

redline slabo krutish 2 agilenet infostealer spyware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

SoftwareSetupFile.exe

Resource

win7-20220812-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

SoftwareSetupFile.exe

Resource

win10v2004-20220901-en

redline slabo krutish 2 agilenet infostealer spyware

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

slabo krutish 2

C2

78.47.191.142:63772

Attributes

auth_value
f65ad1dc3b50bd274e38a201f0121669

Targets

- Target
  
  SoftwareSetupFile.exe
- Size
  
  700.0MB
- MD5
  
  49f4a57a1ad2255b9474257e34f1f204
- SHA1
  
  e6b336ba67764b9837c035bce8366638ea542b77
- SHA256
  
  f1486af3d0f89ddc4482a900740fe5716bf9b99021b77e9e41ea70f106d6f63c
- SHA512
  
  4e56dace8194752a557faa27b4a7c9ba273cbea6b8b1806d1a0b96376b34a3170b313a1f44ead6dbb528eb640e99b8b568e35ebbf058bba632926496ca5433c4
- SSDEEP
  
  196608:MpwRaY3FAaKEY2zyJ93w5DckiRi66MUZuBgVneTvcwH+pv5hxDtVQKwnl2/2hwn3:r
Score

10^/10

agilenet redline slabo krutish 2 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

redlineslabo krutish 2agilenetinfostealerspyware

© 2018-2024

Terms | Privacy