redline | 023e051091cf055f6544cdf73b0287dd25087cd6235d798793503d6ddbd0d061 | Triage

Submit
Reports

Overview

overview

Static

static

7

SoftwareSetupFile.exe

windows7-x64

7

SoftwareSetupFile.exe

windows10-2004-x64

Sharing

General

Target

SoftwareSetupFile.exe
Size

1.1MB
Sample

221210-kwlkjsaa4y
MD5

a556f115bbafe2cbc392f37775140807
SHA1

61abcc6e03b291970489b641634f3faa2c052946
SHA256

023e051091cf055f6544cdf73b0287dd25087cd6235d798793503d6ddbd0d061
SHA512

4f460c703ef34cea163bd3d47a2986a312c7261acde5daa2312df94d3eb587892d7dc2453efdfb9f0190e4baf9fce9a9b37fc2fe1408dae54975a6af6a03f2b2
SSDEEP

24576:MpwRaY3FAaKEY2zyIe93w5DckiRi66MUZuBgVneTvcwH+pv5hxDtVQRIwnl2/2h3:MpwRaY3FAaKEY2zyJ93w5DckiRi66MU+

Score

10^/10

redline slabo krutish 2 agilenet infostealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

SoftwareSetupFile.exe

Resource

win7-20221111-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

SoftwareSetupFile.exe

Resource

win10v2004-20221111-en

redline slabo krutish 2 agilenet infostealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

slabo krutish 2

C2

78.47.191.142:63772

Attributes

auth_value
f65ad1dc3b50bd274e38a201f0121669

Targets

- Target
  
  SoftwareSetupFile.exe
- Size
  
  1.1MB
- MD5
  
  a556f115bbafe2cbc392f37775140807
- SHA1
  
  61abcc6e03b291970489b641634f3faa2c052946
- SHA256
  
  023e051091cf055f6544cdf73b0287dd25087cd6235d798793503d6ddbd0d061
- SHA512
  
  4f460c703ef34cea163bd3d47a2986a312c7261acde5daa2312df94d3eb587892d7dc2453efdfb9f0190e4baf9fce9a9b37fc2fe1408dae54975a6af6a03f2b2
- SSDEEP
  
  24576:MpwRaY3FAaKEY2zyIe93w5DckiRi66MUZuBgVneTvcwH+pv5hxDtVQRIwnl2/2h3:MpwRaY3FAaKEY2zyJ93w5DckiRi66MU+
Score

10^/10

agilenet redline slabo krutish 2 infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

redlineslabo krutish 2agilenetinfostealer

© 2018-2024

Terms | Privacy