General
-
Target
27e57b661c54816dd0281cd9507be4e0
-
Size
876KB
-
Sample
231231-exynlsaaen
-
MD5
27e57b661c54816dd0281cd9507be4e0
-
SHA1
00f2341b3c61474ddf599713a5d4fce358b1a368
-
SHA256
2c097f75f70db6da229e183ca9707ca241e5c7b9ce481bd79a9110038edac455
-
SHA512
5b3ccf39667336ea75942c3e6a44c659319b9a3ff19c5ef441c94cbfec621675add016374d83be86be364d0eadad5fbb35d1cca9d043569bf6c6f3c52b32c1ae
-
SSDEEP
24576:nyLHuEU/Ve5SXJe8qXHgaKpr6gLUIpnK2ljS27vs:yLOgR3fgLPpyU
Static task
static1
Behavioral task
behavioral1
Sample
27e57b661c54816dd0281cd9507be4e0.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
27e57b661c54816dd0281cd9507be4e0.exe
Resource
win10v2004-20231222-en
Malware Config
Extracted
redline
Build2_Mastif
95.181.157.69:8552
Targets
-
-
Target
27e57b661c54816dd0281cd9507be4e0
-
Size
876KB
-
MD5
27e57b661c54816dd0281cd9507be4e0
-
SHA1
00f2341b3c61474ddf599713a5d4fce358b1a368
-
SHA256
2c097f75f70db6da229e183ca9707ca241e5c7b9ce481bd79a9110038edac455
-
SHA512
5b3ccf39667336ea75942c3e6a44c659319b9a3ff19c5ef441c94cbfec621675add016374d83be86be364d0eadad5fbb35d1cca9d043569bf6c6f3c52b32c1ae
-
SSDEEP
24576:nyLHuEU/Ve5SXJe8qXHgaKpr6gLUIpnK2ljS27vs:yLOgR3fgLPpyU
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-