redline | 4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69 | Triage

Submit
Reports

Overview

overview

Static

static

3

MrsMajor3.0.exe

windows7-x64

MrsMajor3.0.exe

windows10-2004-x64

Sharing

General

Target

MrsMajor3.0.exe
Size

381KB
Sample

230507-k41pfadc98
MD5

35a27d088cd5be278629fae37d464182
SHA1

d5a291fadead1f2a0cf35082012fe6f4bf22a3ab
SHA256

4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69
SHA512

eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5
SSDEEP

6144:Th3idhONY259BH1DzJ5PzVNtGgc+F9TBd096cTKAsLEbqqbd+VWM8AHiKn9SlXNA:Th3iXPw9Tc6kVXMHHLEf8l7

Score

10^/10

redline agilenet evasion infostealer stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

MrsMajor3.0.exe

Resource

win7-20230220-en

agilenet evasion trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

MrsMajor3.0.exe

Resource

win10v2004-20230220-en

redline agilenet evasion infostealer stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  MrsMajor3.0.exe
- Size
  
  381KB
- MD5
  
  35a27d088cd5be278629fae37d464182
- SHA1
  
  d5a291fadead1f2a0cf35082012fe6f4bf22a3ab
- SHA256
  
  4a75f2db1dbd3c1218bb9994b7e1c690c4edd4e0c1a675de8d2a127611173e69
- SHA512
  
  eb0be3026321864bd5bcf53b88dc951711d8c0b4bcbd46800b90ca5116a56dba22452530e29f3ccbbcc43d943bdefc8ed8ca2d31ba2e7e5f0e594f74adba4ab5
- SSDEEP
  
  6144:Th3idhONY259BH1DzJ5PzVNtGgc+F9TBd096cTKAsLEbqqbd+VWM8AHiKn9SlXNA:Th3iXPw9Tc6kVXMHHLEf8l7
Score

10^/10

agilenet evasion trojan redline infostealer stealer
- Detects Redline Stealer samples
  This rule detects the presence of Redline Stealer samples based on their unique strings.
  stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- UAC bypass
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agilenetevasiontrojan

behavioral2

redlineagilenetevasioninfostealerstealertrojan

© 2018-2024

Terms | Privacy