Overview

overview

10

Static

static

SkyBlade/ModTo...ter.js

windows7_x64

1

SkyBlade/ModTo...ter.js

windows10-2004_x64

1

SkyBlade/ModTo...x.html

windows7_x64

1

SkyBlade/ModTo...x.html

windows10-2004_x64

1

SkyBlade/ModTo...dex.js

windows7_x64

1

SkyBlade/ModTo...dex.js

windows10-2004_x64

1

SkyBlade/ModTo...nav.js

windows7_x64

1

SkyBlade/ModTo...nav.js

windows10-2004_x64

1

SkyBlade/ModTo...e.html

windows7_x64

1

SkyBlade/ModTo...e.html

windows10-2004_x64

1

SkyBlade/ModTo...o.html

windows7_x64

1

SkyBlade/ModTo...o.html

windows10-2004_x64

1

SkyBlade/ModTo...b.html

windows7_x64

1

SkyBlade/ModTo...b.html

windows10-2004_x64

1

SkyBlade/ModTo...s.html

windows7_x64

1

SkyBlade/ModTo...s.html

windows10-2004_x64

1

SkyBlade/ModTo...a.html

windows7_x64

1

SkyBlade/ModTo...a.html

windows10-2004_x64

1

SkyBlade/ModTo...m.html

windows7_x64

1

SkyBlade/ModTo...m.html

windows10-2004_x64

1

SkyBlade/ModTo...t.html

windows7_x64

1

SkyBlade/ModTo...t.html

windows10-2004_x64

1

SkyBlade/Start...me.exe

windows7_x64

1

SkyBlade/Start...me.exe

windows10-2004_x64

10
General
Target

SkyBlade.zip

Size

3MB

Sample

220414-qx2aaabacm

Score
10/10
MD5

05db414a0e7a3cc7e576bc00af2c7f18

SHA1

dc898d3d96066ca8ef27f9673dcfe212b61bb9e8

SHA256

63a37203d598350b284c05833662fbdc89d9d46142120bb035609216f1a3ee77

SHA512

1e218ed7efe1a49732336f8d156613e738e0b7f6cc6a65f54544051639df094b64cb5b3cd3013329e92dfb77f47a5c7dce08acf9a317809cc9c245f3db3ba8de

Malware Config

Extracted

Family

redline
Botnet

1
C2

65.108.41.163:38151
Attributes
auth_value
95517c2a2f56575288c35d9dfde4a6aa
Targets
Target

SkyBlade/ModTools/Scripts/TechnicalDocumentation/highlighter.js

MD5

d8cc4fa033996b48efccd2a6a831585c

Filesize

1KB

Score
1/10
SHA1

3bb029a68f37acb13c3f1d13dada9521dca6bcdf

SHA256

d48634fbb25bd2011c0d5ab8d84407850066bf92fc6d32df7188510709c31398

SHA512

0e51bd987e01db2109635473deabaad19c7e2cb58367b500838420dd8c9e5a93412328763146541473dd527cb349637faed564b742c09a12eb273ecd635349a7

Related Tasks

behavioral1behavioral2
Target

SkyBlade/ModTools/Scripts/TechnicalDocumentation/index.html

MD5

f588e93768556e1043c11f1385056395

Filesize

3KB

Score
1/10
SHA1

604cd2cc502d4d3e3d4fcd802e3f1b777b3f9294

SHA256

35ecc9bc5fc2316732cfc2d53af352e150d39ec6f09ff575f1dec1aa23c48765

SHA512

4b43e5e1171762caec221e21cda6a9001a96709dad23825f6bc07e3ae4204d964a6017f1ea15269f6e8772b1becd0a3cac37b7cc9d5e5cd4217ac721ee418827

Related Tasks

behavioral3behavioral4
Target

SkyBlade/ModTools/Scripts/TechnicalDocumentation/index.js

MD5

b264eee8aedad060c1f9f012592e2ed0

Filesize

6KB

Score
1/10
SHA1

683fb3819650386ce1de8d6d260b8ef4ba611d53

SHA256

ad99be4ef1e36dbb0164a96730fdb956bbe3a23011700cf48f5981f19a5b268b

SHA512

d95a1389d4dcca49204bb156f37ab3ecef94076f50b2f632785f098db0c075d7426994a17299eb6fd069bc16092dd80bd4a09ca5b4c9e79d4bdbdb9d804fe547

Related Tasks

behavioral5behavioral6
Target

SkyBlade/ModTools/Scripts/TechnicalDocumentation/nav.js

MD5

147f45c1c097b4c2305dd632a5bc0ef9

Filesize

1KB

Score
1/10
SHA1

94f823225ab8aab6651a760b69d38324b97fac07

SHA256

0cfdb74a06621f4305915e42d93715deba1cd8ef573380019ae677e24d624f43

SHA512

8dc092af47c797cbf3898a1ead622d399446538872c07272d92c113fc42fab13bacb91dc62a938ad711532297cb7631d53ff365857cab6312b2e3f5967763425

Related Tasks

behavioral7behavioral8
Target

SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/ExitNode.html

MD5

e7abfa09bbeed2f944c4103a9bf98acc

Filesize

31KB

Score
1/10
SHA1

ec1d7c75f2b2bb3f0790ee44a98a004df9c62bfb

SHA256

562404ce99c0a2163f9f59fcdf1579361b9bad14ddd5645c4e9eafd7cc64ee3c

SHA512

bd24a38777fe6689ec50604a833dcb20d8aaf624f7d037533435c386f7016f5f3b1e2ce0620d7efd3d04f7ba3fcce392af7748e3f582f0842db90719d32c0dc3

Related Tasks

behavioral9behavioral10
Target

SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/LevelInfo.html

MD5

cc7152a4494b905ac90cd98ceea27140

Filesize

7KB

Score
1/10
SHA1

e93642e93db25512e0a5e4eb4bb7d7de650725ca

SHA256

49710240607718e2f5ecdee201ed02a68ecfdc4967b7ecff15c2bfc6f90e34c0

SHA512

b6551262100345ff1a9b023c193b4f6144d88601a17ac52e5beb73c90690216fc793383dfdfac64d96c5b08752c2aaa898708813353031db214a59e315d7d9c2

Related Tasks

behavioral11behavioral12
Target

SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/LevelMob.html

MD5

d96cfcdf49d816491b7dea53bb87ef49

Filesize

5KB

Score
1/10
SHA1

3063837c5d7bd33a8df1eaa6fd70a61785e54b25

SHA256

934dbc6548b98338620f3401aaabcdc3040b8824a99ec932c634d96b95b8fcc2

SHA512

646017ed0109564e3c0323b06034f4e716548f0fa227b932cf3e1ad8ea3073700a155b6060d10536069ab6c9af1718854bb6cbd8e531bcd2c7dac5b42973338e

Related Tasks

behavioral13behavioral14
Target

SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/LevelProps.html

MD5

c4e6e9db98020235eb88916c4bc18abe

Filesize

6KB

Score
1/10
SHA1

d1ec3b9805e67035e459ad5ad05d791cf079d579

SHA256

923db5e4b4dade1d29f1cd8446a87082670aa49cf376a6ad60b0838bdbd74d3b

SHA512

580733273522f6866910532a3b41d5bd797d8f7940041ba4835c2c0f3dfdf12d6cbddc5f18ecf1106a4ce5dbf33a56abc4edf03570ea8f2ee30006e69e1f793e

Related Tasks

behavioral15behavioral16
Target

SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/Meta.html

MD5

ec9675e594b39be998c656fa6a995b39

Filesize

6KB

Score
1/10
SHA1

f951fdb67da89d41138c6f195f76fc7482ea5573

SHA256

287a28359f22b32787d23ce925ce60c626269019fa2f1bb05069e6b0ff082a44

SHA512

bc031a0cbaac4dd745265af3dcc8d71eeda5577b322ebd5d3a2673c05212d47e43ab5bb880d807d06c8522cae66602959247eaf7bb345f4fa90222be01f66ce0

Related Tasks

behavioral17behavioral18
Target

SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/SeededRandom.html

MD5

228220fc23b7a980df7c9768607f6fed

Filesize

6KB

Score
1/10
SHA1

4b2303fad36dcfa29a0ff7a5c6fd9269bdda4e61

SHA256

0e43e137d02b835fd2a5633a16ff0defc3027f019286b84ee94fc80ee36f7f32

SHA512

43c8d4006da7690ea3999936be4e697a58212008daa1074434c82e1112c51373ebc88460628b3d12c681520ec5598da2a8e90b5837b82b5e952ee53276ceda29

Related Tasks

behavioral19behavioral20
Target

SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/Struct.html

MD5

8109e500d198e7ec31184f32430282b0

Filesize

22KB

Score
1/10
SHA1

4763248cae5e6e45057eabd03d1d6f20c6d35fb3

SHA256

80064bacd435d4aa4b924f63b9fa93602e175989bc0367fe461d00c78c6ca5e9

SHA512

7153f4c9b8ccd1979e38ae090933f89ddedbe6f3b60cf22d85c172b3c104487ca72097ef8efbed0eb5473de1e67f411f6277f8c82a5dc607273df02c9490946f

Related Tasks

behavioral21behavioral22
Target

SkyBlade/StartGame.exe

MD5

22e9a832c4c9bb705d65ff11b31daab4

Filesize

1MB

Score
10/10
SHA1

e03118acc0918d828a5e41c2467642758148a09d

SHA256

ca88d5e1d164070489ab499916a5327b369c1f919c5ace2629f2fd33f89c6d49

SHA512

a22112ea127df4349984bf3ef69426e10853b744ecf9ee20206a1c9b6bf2fa54bce96f614d797d165d0e32f105a8972096fb3ec3efe32915029cf6c12024aa89

Tags

Signatures

  • Meta Stealer Stealer

    Description

    Meta Stealer steals passwords stored in browsers, written in C++.

    Tags

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    Tags

  • RedLine Payload

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    Tags

    TTPs

    Data from Local SystemCredentials in Files

  • Suspicious use of SetThreadContext

Related Tasks

behavioral23behavioral24
MITRE ATT&CK Matrix
Collection
Command and Control
    Credential Access
    Defense Evasion
    Discovery
      Execution
        Exfiltration
          Impact
            Initial Access
              Lateral Movement
                Persistence
                  Privilege Escalation
                    Tasks

                    static1

                    Score
                    N/A

                    behavioral1

                    Score
                    1/10

                    behavioral2

                    Score
                    1/10

                    behavioral3

                    Score
                    1/10

                    behavioral4

                    Score
                    1/10

                    behavioral5

                    Score
                    1/10

                    behavioral6

                    Score
                    1/10

                    behavioral7

                    Score
                    1/10

                    behavioral8

                    Score
                    1/10

                    behavioral9

                    Score
                    1/10

                    behavioral10

                    Score
                    1/10

                    behavioral11

                    Score
                    1/10

                    behavioral12

                    Score
                    1/10

                    behavioral13

                    Score
                    1/10

                    behavioral14

                    Score
                    1/10

                    behavioral15

                    Score
                    1/10

                    behavioral16

                    Score
                    1/10

                    behavioral17

                    Score
                    1/10

                    behavioral18

                    Score
                    1/10

                    behavioral19

                    Score
                    1/10

                    behavioral20

                    Score
                    1/10

                    behavioral21

                    Score
                    1/10

                    behavioral22

                    Score
                    1/10

                    behavioral23

                    Score
                    1/10

                    behavioral24

                    Score
                    10/10