General
-
Target
b0310ba20bbcc66f57b0a69fb70dd88692442a6730564048c71cf6ed18570a83
-
Size
985KB
-
Sample
240423-c1enssbg9y
-
MD5
27525eafcc8fd809f48456e922446433
-
SHA1
4f470cfa43727b6d58c10fce6f777ffb7d113ffd
-
SHA256
b0310ba20bbcc66f57b0a69fb70dd88692442a6730564048c71cf6ed18570a83
-
SHA512
4aa2f78eb0b2e0c0992a7ab5ca82846442e4748852afbfe1f25d68cecfb3a92ada634cf5c412afeb7ff465bb9bbe60eb981293bbf8e168dc7b95cfe3ad8710be
-
SSDEEP
12288:QJW8Ow7NTeSE+kiqWxPqcZF7mA+ChfI2vrqjEdHtVn06X:QRJlfE+kiqWxyiF7mA+STTqN6
Malware Config
Extracted
redline
Test_NEW_MIX
86.107.197.8:3213
Targets
-
-
Target
b0310ba20bbcc66f57b0a69fb70dd88692442a6730564048c71cf6ed18570a83
-
Size
985KB
-
MD5
27525eafcc8fd809f48456e922446433
-
SHA1
4f470cfa43727b6d58c10fce6f777ffb7d113ffd
-
SHA256
b0310ba20bbcc66f57b0a69fb70dd88692442a6730564048c71cf6ed18570a83
-
SHA512
4aa2f78eb0b2e0c0992a7ab5ca82846442e4748852afbfe1f25d68cecfb3a92ada634cf5c412afeb7ff465bb9bbe60eb981293bbf8e168dc7b95cfe3ad8710be
-
SSDEEP
12288:QJW8Ow7NTeSE+kiqWxPqcZF7mA+ChfI2vrqjEdHtVn06X:QRJlfE+kiqWxyiF7mA+STTqN6
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
-
Detects executables packed with Agile.NET / CliSecure
-
Detects executables referencing credit card regular expressions
-
Detects executables referencing many confidential data stores found in browsers, mail clients, cryptocurreny wallets, etc. Observed in information stealers
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Suspicious use of SetThreadContext
-