Overview

overview

10

Static

static

SkyBlade/M...tle.js

windows10-2004_x64

1

SkyBlade/M...min.js

windows10-2004_x64

1

SkyBlade/M...rap.js

windows10-2004_x64

1

SkyBlade/M...min.js

windows10-2004_x64

1

SkyBlade/M...ter.js

windows10-2004_x64

1

SkyBlade/M...x.html

windows10-2004_x64

1

SkyBlade/M...dex.js

windows10-2004_x64

1

SkyBlade/M...min.js

windows10-2004_x64

1

SkyBlade/M...nav.js

windows10-2004_x64

1

SkyBlade/M...e.html

windows10-2004_x64

1

SkyBlade/M...o.html

windows10-2004_x64

1

SkyBlade/M...b.html

windows10-2004_x64

1

SkyBlade/M...s.html

windows10-2004_x64

1

SkyBlade/M...a.html

windows10-2004_x64

1

SkyBlade/M...e.html

windows10-2004_x64

1

SkyBlade/M...m.html

windows10-2004_x64

1

SkyBlade/M...t.html

windows10-2004_x64

1

SkyBlade/S...me.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SkyBlade.zip

  • Size

    4.2MB

  • Sample

    220324-tcatdafgfp

  • MD5

    a770f7046dbd3f9a9d83ccc489194a4b

  • SHA1

    83046bc43c57b53764da9ddfde38b4d0b3413dd7

  • SHA256

    03661851e1e85a2d64d259990bc5ec4db1bf69b94dd5c86a1806d3dce55b32b8

  • SHA512

    a900f969a34ab21329639d38b965c3f04b82d56afa3f7e414246ca2834f655f4ec6c96f26362ef1334020b190935169073fcb01e2bc49a364d4be5ce7d5c727b

Score
10/10
redline1infostealer

Malware Config

Extracted

Family

redline

Botnet

1

C2

95.217.197.197:11343

Attributes
  • auth_value

    95517c2a2f56575288c35d9dfde4a6aa

Targets

    • Target

      SkyBlade/ModTools/CastleDB/castle.js

    • Size

      547KB

    • MD5

      90375abf8f12d2d3ca8aca2a08f8cde4

    • SHA1

      ad82800636bb4cafe923c4655a4eb295e6e477b9

    • SHA256

      b872d89dceb645362c25b5baa5d9264612bb017d91e8fc4246abc3db389a1462

    • SHA512

      0c0a841453dc543ff1411950b07d1761149b304b9c8fec45595468371ac4ae8ff493bdfe5ef481b81b7b1ed43e90fc9740efcc75fd2af8f5b7cfc14eb0095c30

    Score
    1/10
    behavioral1

    • Target

      SkyBlade/ModTools/Scripts/TechnicalDocumentation/bootstrap/js/bootstrap-select.min.js

    • Size

      22KB

    • MD5

      bda9f7831f7b9dbacb36990b27c8161b

    • SHA1

      44da65f0bd2a08af2ba5cf9a8bea8089d65df437

    • SHA256

      12094919363142504305742b67d48ec43fa9e9a49d70b6cb8f0dcf73efbb85f8

    • SHA512

      fe831003b21723af16b7bee0e4925d3823a195c09ed32d9ee5a5f910c2a31b79c20b3f3fe74f30e0b5a623a4f64f12fe57d52a82bfd8f92d021a688e34b829da

    Score
    1/10
    behavioral2

    • Target

      SkyBlade/ModTools/Scripts/TechnicalDocumentation/bootstrap/js/bootstrap.js

    • Size

      62KB

    • MD5

      d30a111a614d40b8422e492600d15c27

    • SHA1

      1b3cf91c0525097e2117914bc9b1f3510c3baf37

    • SHA256

      b0171731792c62a9a447d08fbbe9aa8908d4fb5db8114591bc9a6e2b6531e636

    • SHA512

      c83c80510c50504b5a4c7832b53283029e9d12ce59aecc616971b1fe3a7c6747a870319bb1b86fa51aa80f2bd942c53c51a8adcaf7d78ceed98e5c67294a834f

    Score
    1/10
    behavioral3

    • Target

      SkyBlade/ModTools/Scripts/TechnicalDocumentation/bootstrap/js/bootstrap.min.js

    • Size

      27KB

    • MD5

      47d7deee36d6699afccf40741f45b228

    • SHA1

      4d3e1a615349c7a0dea8e057b20db271a1afc5d4

    • SHA256

      e530c947198bbfe4980daa799e9f23f94b2d46bd7a9163422a19be30a76ad4bf

    • SHA512

      7392becfc608e3c0608b42956a0c17bb27c6fade0fb69dd44ac0207e0e27e37fd9869c22a5d050a9c5d212244eff2995bbbf6fb7055f1c964bfd43e45506a287

    Score
    1/10
    behavioral4

    • Target

      SkyBlade/ModTools/Scripts/TechnicalDocumentation/highlighter.js

    • Size

      1KB

    • MD5

      d8cc4fa033996b48efccd2a6a831585c

    • SHA1

      3bb029a68f37acb13c3f1d13dada9521dca6bcdf

    • SHA256

      d48634fbb25bd2011c0d5ab8d84407850066bf92fc6d32df7188510709c31398

    • SHA512

      0e51bd987e01db2109635473deabaad19c7e2cb58367b500838420dd8c9e5a93412328763146541473dd527cb349637faed564b742c09a12eb273ecd635349a7

    Score
    1/10
    behavioral5

    • Target

      SkyBlade/ModTools/Scripts/TechnicalDocumentation/index.html

    • Size

      3KB

    • MD5

      f588e93768556e1043c11f1385056395

    • SHA1

      604cd2cc502d4d3e3d4fcd802e3f1b777b3f9294

    • SHA256

      35ecc9bc5fc2316732cfc2d53af352e150d39ec6f09ff575f1dec1aa23c48765

    • SHA512

      4b43e5e1171762caec221e21cda6a9001a96709dad23825f6bc07e3ae4204d964a6017f1ea15269f6e8772b1becd0a3cac37b7cc9d5e5cd4217ac721ee418827

    Score
    1/10
    behavioral6

    • Target

      SkyBlade/ModTools/Scripts/TechnicalDocumentation/index.js

    • Size

      6KB

    • MD5

      b264eee8aedad060c1f9f012592e2ed0

    • SHA1

      683fb3819650386ce1de8d6d260b8ef4ba611d53

    • SHA256

      ad99be4ef1e36dbb0164a96730fdb956bbe3a23011700cf48f5981f19a5b268b

    • SHA512

      d95a1389d4dcca49204bb156f37ab3ecef94076f50b2f632785f098db0c075d7426994a17299eb6fd069bc16092dd80bd4a09ca5b4c9e79d4bdbdb9d804fe547

    Score
    1/10
    behavioral7

    • Target

      SkyBlade/ModTools/Scripts/TechnicalDocumentation/jquery-1.9.1.min.js

    • Size

      90KB

    • MD5

      383771ef1692bfcc3f2b6917ca985778

    • SHA1

      a1ce0bfa507f23cc414a9a7634bd73b994bb3b35

    • SHA256

      20638e363fcc5152155f24b281303e17da62da62d24ef5dcf863b184d9a25734

    • SHA512

      6101012d233c92dcc531e27ed33573d5b637a085e9f00e0658a1b6d6d9f64bcd69bd38717e4354b0c49c30607252295df8bf9477629cc366456f2ce3c9222538

    Score
    1/10
    behavioral8

    • Target

      SkyBlade/ModTools/Scripts/TechnicalDocumentation/nav.js

    • Size

      1KB

    • MD5

      147f45c1c097b4c2305dd632a5bc0ef9

    • SHA1

      94f823225ab8aab6651a760b69d38324b97fac07

    • SHA256

      0cfdb74a06621f4305915e42d93715deba1cd8ef573380019ae677e24d624f43

    • SHA512

      8dc092af47c797cbf3898a1ead622d399446538872c07272d92c113fc42fab13bacb91dc62a938ad711532297cb7631d53ff365857cab6312b2e3f5967763425

    Score
    1/10
    behavioral9

    • Target

      SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/ExitNode.html

    • Size

      31KB

    • MD5

      e7abfa09bbeed2f944c4103a9bf98acc

    • SHA1

      ec1d7c75f2b2bb3f0790ee44a98a004df9c62bfb

    • SHA256

      562404ce99c0a2163f9f59fcdf1579361b9bad14ddd5645c4e9eafd7cc64ee3c

    • SHA512

      bd24a38777fe6689ec50604a833dcb20d8aaf624f7d037533435c386f7016f5f3b1e2ce0620d7efd3d04f7ba3fcce392af7748e3f582f0842db90719d32c0dc3

    Score
    1/10
    behavioral10

    • Target

      SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/LevelInfo.html

    • Size

      7KB

    • MD5

      cc7152a4494b905ac90cd98ceea27140

    • SHA1

      e93642e93db25512e0a5e4eb4bb7d7de650725ca

    • SHA256

      49710240607718e2f5ecdee201ed02a68ecfdc4967b7ecff15c2bfc6f90e34c0

    • SHA512

      b6551262100345ff1a9b023c193b4f6144d88601a17ac52e5beb73c90690216fc793383dfdfac64d96c5b08752c2aaa898708813353031db214a59e315d7d9c2

    Score
    1/10
    behavioral11

    • Target

      SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/LevelMob.html

    • Size

      5KB

    • MD5

      d96cfcdf49d816491b7dea53bb87ef49

    • SHA1

      3063837c5d7bd33a8df1eaa6fd70a61785e54b25

    • SHA256

      934dbc6548b98338620f3401aaabcdc3040b8824a99ec932c634d96b95b8fcc2

    • SHA512

      646017ed0109564e3c0323b06034f4e716548f0fa227b932cf3e1ad8ea3073700a155b6060d10536069ab6c9af1718854bb6cbd8e531bcd2c7dac5b42973338e

    Score
    1/10
    behavioral12

    • Target

      SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/LevelProps.html

    • Size

      6KB

    • MD5

      c4e6e9db98020235eb88916c4bc18abe

    • SHA1

      d1ec3b9805e67035e459ad5ad05d791cf079d579

    • SHA256

      923db5e4b4dade1d29f1cd8446a87082670aa49cf376a6ad60b0838bdbd74d3b

    • SHA512

      580733273522f6866910532a3b41d5bd797d8f7940041ba4835c2c0f3dfdf12d6cbddc5f18ecf1106a4ce5dbf33a56abc4edf03570ea8f2ee30006e69e1f793e

    Score
    1/10
    behavioral13

    • Target

      SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/Meta.html

    • Size

      6KB

    • MD5

      ec9675e594b39be998c656fa6a995b39

    • SHA1

      f951fdb67da89d41138c6f195f76fc7482ea5573

    • SHA256

      287a28359f22b32787d23ce925ce60c626269019fa2f1bb05069e6b0ff082a44

    • SHA512

      bc031a0cbaac4dd745265af3dcc8d71eeda5577b322ebd5d3a2673c05212d47e43ab5bb880d807d06c8522cae66602959247eaf7bb345f4fa90222be01f66ce0

    Score
    1/10
    behavioral14

    • Target

      SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/RoomNode.html

    • Size

      29KB

    • MD5

      3cd16cdc2ebd02ba0697ad4d9d28bd39

    • SHA1

      df7c19ccbc6d8ad9f8953f2c3a9e78408b7ac9ca

    • SHA256

      bba983460da30db40ee4d5a2d49be494f2446919da84d2bf0ee7fc960d055e71

    • SHA512

      2e42ee587e4b76491dfd4d1498c768eb87fbac1c3c4409745ea11f626c0068ba5db27c4cd0364a743e16f204f5f22586b02c688b544e20eb6cecea9675bc9714

    Score
    1/10
    behavioral15

    • Target

      SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/SeededRandom.html

    • Size

      6KB

    • MD5

      228220fc23b7a980df7c9768607f6fed

    • SHA1

      4b2303fad36dcfa29a0ff7a5c6fd9269bdda4e61

    • SHA256

      0e43e137d02b835fd2a5633a16ff0defc3027f019286b84ee94fc80ee36f7f32

    • SHA512

      43c8d4006da7690ea3999936be4e697a58212008daa1074434c82e1112c51373ebc88460628b3d12c681520ec5598da2a8e90b5837b82b5e952ee53276ceda29

    Score
    1/10
    behavioral16

    • Target

      SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/Struct.html

    • Size

      22KB

    • MD5

      8109e500d198e7ec31184f32430282b0

    • SHA1

      4763248cae5e6e45057eabd03d1d6f20c6d35fb3

    • SHA256

      80064bacd435d4aa4b924f63b9fa93602e175989bc0367fe461d00c78c6ca5e9

    • SHA512

      7153f4c9b8ccd1979e38ae090933f89ddedbe6f3b60cf22d85c172b3c104487ca72097ef8efbed0eb5473de1e67f411f6277f8c82a5dc607273df02c9490946f

    Score
    1/10
    behavioral17

    • Target

      SkyBlade/StartGame.exe

    • Size

      635KB

    • MD5

      314c4df9143ade6211cabd4cc24782c5

    • SHA1

      240229f2b1aa44bf50e6c14ba7f990373a1ead3e

    • SHA256

      84377b2b4b6f40c40f6dd585bebc2190d1a0bd1d63ff67c951a714b840cef287

    • SHA512

      69fd8881f188e3a89320649be87de6a465d43e90dd5c913ce602cbac42b3a31213718f63aaed612e1f55fcc0e14f8dadc2439c0ce0beaabf77b4ed55d3942e7b

    Score
    10/10
    redline1infostealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine Payload

    • Suspicious use of SetThreadContext

    behavioral18

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

9
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks