Malware Series

Unpack RedLine stealer using dnSpyEx – Part 3

February 12, 2024

.NET, Config, Debugging, dnSpyEx, Infostealer, Malware Series, RedLine

In this article, we dive into process of unpacking and extracting config from RedLine Stealer using dnSpyEx. It’s a bit lengthy but a great way to learn about the unpacking process using dnSpyEx. 🔍 This is the 3rd part in our deep dive series on RedLine. If you need a…

Unpack RedLine stealer to extract config using pe-sieve -Part 2

February 6, 2024

.NET, dnSpyEx, Infostealer, Malware Series, pe-sieve, ProcMon, RedLine

RedLine Stealer config extraction using two ways: Fast & Easy Method: Use the awesome pe-sieve tool from @hasherezade, which dumps unpacked file from memory. Then, extract the config from dumped file. Using dnSpyEx for manual debugging. It’s a bit lengthy but a great way to learn about the unpacking process.…

🔍 Dive into the RedLine Stealer Infection Chain – Part 1

January 30, 2024

CyberChef, Infostealer, LNK, Malware Series, mshta, PowerShell, RedLine, VBScript

RedLine Stealer Infection Chain: Zip ➡️ LNK PS ➡️ mshta (URL1) ➡️ PS ➡️ cmd ➡️ PS ➡️ URL2 ➡️ exe What’s Inside: LNK using \W*\\2\\msh*e to dodge detection VBScript analysis using CyberChef & Wscript.Echo Utilize CyberChef recipe to decode VBScript & PowerShell How to deobfuscate PowerShell with PowerShell logging…