General
-
Target
SoftwareSetupFile.exe
-
Size
1.1MB
-
Sample
221210-kwlkjsaa4y
-
MD5
a556f115bbafe2cbc392f37775140807
-
SHA1
61abcc6e03b291970489b641634f3faa2c052946
-
SHA256
023e051091cf055f6544cdf73b0287dd25087cd6235d798793503d6ddbd0d061
-
SHA512
4f460c703ef34cea163bd3d47a2986a312c7261acde5daa2312df94d3eb587892d7dc2453efdfb9f0190e4baf9fce9a9b37fc2fe1408dae54975a6af6a03f2b2
-
SSDEEP
24576:MpwRaY3FAaKEY2zyIe93w5DckiRi66MUZuBgVneTvcwH+pv5hxDtVQRIwnl2/2h3:MpwRaY3FAaKEY2zyJ93w5DckiRi66MU+
Behavioral task
behavioral1
Sample
SoftwareSetupFile.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
SoftwareSetupFile.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
redline
slabo krutish 2
78.47.191.142:63772
-
auth_value
f65ad1dc3b50bd274e38a201f0121669
Targets
-
-
Target
SoftwareSetupFile.exe
-
Size
1.1MB
-
MD5
a556f115bbafe2cbc392f37775140807
-
SHA1
61abcc6e03b291970489b641634f3faa2c052946
-
SHA256
023e051091cf055f6544cdf73b0287dd25087cd6235d798793503d6ddbd0d061
-
SHA512
4f460c703ef34cea163bd3d47a2986a312c7261acde5daa2312df94d3eb587892d7dc2453efdfb9f0190e4baf9fce9a9b37fc2fe1408dae54975a6af6a03f2b2
-
SSDEEP
24576:MpwRaY3FAaKEY2zyIe93w5DckiRi66MUZuBgVneTvcwH+pv5hxDtVQRIwnl2/2h3:MpwRaY3FAaKEY2zyJ93w5DckiRi66MU+
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-