
Reverse Engineering Greenline - Unpacker and Config Extractor for managed Redline Stealer payloads v1.1 Fixed

itsMe

How to use

Code:
Greenline.exe <path> [--config-only]
By default, Greenline will unpack RedLine Stealer's string obfuscation. If you only want the config, use the --config-only argument after the path to your binary.

Features

String deobfuscation


Greenline will unpack string obfuscation like this back to a readable form like this.


Config extraction

Greenline also automatically extracts the config of RedLine Stealer.


Release v1.1 fixed Latest
Fixing Replace call patcher not checking pattern value for null

