metastealer | 63a37203d598350b284c05833662fbdc89d9d46142120bb035609216f1a3ee77 | Triage

Sharing

General

Target

SkyBlade.zip
Size

3.3MB
Sample

220414-qx2aaabacm
MD5

05db414a0e7a3cc7e576bc00af2c7f18
SHA1

dc898d3d96066ca8ef27f9673dcfe212b61bb9e8
SHA256

63a37203d598350b284c05833662fbdc89d9d46142120bb035609216f1a3ee77
SHA512

1e218ed7efe1a49732336f8d156613e738e0b7f6cc6a65f54544051639df094b64cb5b3cd3013329e92dfb77f47a5c7dce08acf9a317809cc9c245f3db3ba8de

Score

10^/10

metastealer redline 1 infostealer spyware stealer

Malware Config

Extracted

Family

redline

Botnet

1

C2

65.108.41.163:38151

Attributes

auth_value
95517c2a2f56575288c35d9dfde4a6aa

Targets

- Target
  
  SkyBlade/ModTools/Scripts/TechnicalDocumentation/highlighter.js
- Size
  
  1KB
- MD5
  
  d8cc4fa033996b48efccd2a6a831585c
- SHA1
  
  3bb029a68f37acb13c3f1d13dada9521dca6bcdf
- SHA256
  
  d48634fbb25bd2011c0d5ab8d84407850066bf92fc6d32df7188510709c31398
- SHA512
  
  0e51bd987e01db2109635473deabaad19c7e2cb58367b500838420dd8c9e5a93412328763146541473dd527cb349637faed564b742c09a12eb273ecd635349a7
Score

1^/10
behavioral1 behavioral2
- Target
  
  SkyBlade/ModTools/Scripts/TechnicalDocumentation/index.html
- Size
  
  3KB
- MD5
  
  f588e93768556e1043c11f1385056395
- SHA1
  
  604cd2cc502d4d3e3d4fcd802e3f1b777b3f9294
- SHA256
  
  35ecc9bc5fc2316732cfc2d53af352e150d39ec6f09ff575f1dec1aa23c48765
- SHA512
  
  4b43e5e1171762caec221e21cda6a9001a96709dad23825f6bc07e3ae4204d964a6017f1ea15269f6e8772b1becd0a3cac37b7cc9d5e5cd4217ac721ee418827
Score

1^/10
behavioral3 behavioral4
- Target
  
  SkyBlade/ModTools/Scripts/TechnicalDocumentation/index.js
- Size
  
  6KB
- MD5
  
  b264eee8aedad060c1f9f012592e2ed0
- SHA1
  
  683fb3819650386ce1de8d6d260b8ef4ba611d53
- SHA256
  
  ad99be4ef1e36dbb0164a96730fdb956bbe3a23011700cf48f5981f19a5b268b
- SHA512
  
  d95a1389d4dcca49204bb156f37ab3ecef94076f50b2f632785f098db0c075d7426994a17299eb6fd069bc16092dd80bd4a09ca5b4c9e79d4bdbdb9d804fe547
Score

1^/10
behavioral5 behavioral6
- Target
  
  SkyBlade/ModTools/Scripts/TechnicalDocumentation/nav.js
- Size
  
  1KB
- MD5
  
  147f45c1c097b4c2305dd632a5bc0ef9
- SHA1
  
  94f823225ab8aab6651a760b69d38324b97fac07
- SHA256
  
  0cfdb74a06621f4305915e42d93715deba1cd8ef573380019ae677e24d624f43
- SHA512
  
  8dc092af47c797cbf3898a1ead622d399446538872c07272d92c113fc42fab13bacb91dc62a938ad711532297cb7631d53ff365857cab6312b2e3f5967763425
Score

1^/10
behavioral7 behavioral8
- Target
  
  SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/ExitNode.html
- Size
  
  31KB
- MD5
  
  e7abfa09bbeed2f944c4103a9bf98acc
- SHA1
  
  ec1d7c75f2b2bb3f0790ee44a98a004df9c62bfb
- SHA256
  
  562404ce99c0a2163f9f59fcdf1579361b9bad14ddd5645c4e9eafd7cc64ee3c
- SHA512
  
  bd24a38777fe6689ec50604a833dcb20d8aaf624f7d037533435c386f7016f5f3b1e2ce0620d7efd3d04f7ba3fcce392af7748e3f582f0842db90719d32c0dc3
Score

1^/10
behavioral9 behavioral10
- Target
  
  SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/LevelInfo.html
- Size
  
  7KB
- MD5
  
  cc7152a4494b905ac90cd98ceea27140
- SHA1
  
  e93642e93db25512e0a5e4eb4bb7d7de650725ca
- SHA256
  
  49710240607718e2f5ecdee201ed02a68ecfdc4967b7ecff15c2bfc6f90e34c0
- SHA512
  
  b6551262100345ff1a9b023c193b4f6144d88601a17ac52e5beb73c90690216fc793383dfdfac64d96c5b08752c2aaa898708813353031db214a59e315d7d9c2
Score

1^/10
behavioral11 behavioral12
- Target
  
  SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/LevelMob.html
- Size
  
  5KB
- MD5
  
  d96cfcdf49d816491b7dea53bb87ef49
- SHA1
  
  3063837c5d7bd33a8df1eaa6fd70a61785e54b25
- SHA256
  
  934dbc6548b98338620f3401aaabcdc3040b8824a99ec932c634d96b95b8fcc2
- SHA512
  
  646017ed0109564e3c0323b06034f4e716548f0fa227b932cf3e1ad8ea3073700a155b6060d10536069ab6c9af1718854bb6cbd8e531bcd2c7dac5b42973338e
Score

1^/10
behavioral13 behavioral14
- Target
  
  SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/LevelProps.html
- Size
  
  6KB
- MD5
  
  c4e6e9db98020235eb88916c4bc18abe
- SHA1
  
  d1ec3b9805e67035e459ad5ad05d791cf079d579
- SHA256
  
  923db5e4b4dade1d29f1cd8446a87082670aa49cf376a6ad60b0838bdbd74d3b
- SHA512
  
  580733273522f6866910532a3b41d5bd797d8f7940041ba4835c2c0f3dfdf12d6cbddc5f18ecf1106a4ce5dbf33a56abc4edf03570ea8f2ee30006e69e1f793e
Score

1^/10
behavioral15 behavioral16
- Target
  
  SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/Meta.html
- Size
  
  6KB
- MD5
  
  ec9675e594b39be998c656fa6a995b39
- SHA1
  
  f951fdb67da89d41138c6f195f76fc7482ea5573
- SHA256
  
  287a28359f22b32787d23ce925ce60c626269019fa2f1bb05069e6b0ff082a44
- SHA512
  
  bc031a0cbaac4dd745265af3dcc8d71eeda5577b322ebd5d3a2673c05212d47e43ab5bb880d807d06c8522cae66602959247eaf7bb345f4fa90222be01f66ce0
Score

1^/10
behavioral17 behavioral18
- Target
  
  SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/SeededRandom.html
- Size
  
  6KB
- MD5
  
  228220fc23b7a980df7c9768607f6fed
- SHA1
  
  4b2303fad36dcfa29a0ff7a5c6fd9269bdda4e61
- SHA256
  
  0e43e137d02b835fd2a5633a16ff0defc3027f019286b84ee94fc80ee36f7f32
- SHA512
  
  43c8d4006da7690ea3999936be4e697a58212008daa1074434c82e1112c51373ebc88460628b3d12c681520ec5598da2a8e90b5837b82b5e952ee53276ceda29
Score

1^/10
behavioral19 behavioral20
- Target
  
  SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/Struct.html
- Size
  
  22KB
- MD5
  
  8109e500d198e7ec31184f32430282b0
- SHA1
  
  4763248cae5e6e45057eabd03d1d6f20c6d35fb3
- SHA256
  
  80064bacd435d4aa4b924f63b9fa93602e175989bc0367fe461d00c78c6ca5e9
- SHA512
  
  7153f4c9b8ccd1979e38ae090933f89ddedbe6f3b60cf22d85c172b3c104487ca72097ef8efbed0eb5473de1e67f411f6277f8c82a5dc607273df02c9490946f
Score

1^/10
behavioral21 behavioral22
- Target
  
  SkyBlade/StartGame.exe
- Size
  
  1.8MB
- MD5
  
  22e9a832c4c9bb705d65ff11b31daab4
- SHA1
  
  e03118acc0918d828a5e41c2467642758148a09d
- SHA256
  
  ca88d5e1d164070489ab499916a5327b369c1f919c5ace2629f2fd33f89c6d49
- SHA512
  
  a22112ea127df4349984bf3ef69426e10853b744ecf9ee20206a1c9b6bf2fa54bce96f614d797d165d0e32f105a8972096fb3ec3efe32915029cf6c12024aa89
Score

10^/10

metastealer redline 1 infostealer spyware stealer
- Meta Stealer Stealer
  Meta Stealer steals passwords stored in browsers, written in C++.
  stealer metastealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine Payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral23 behavioral24

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

metastealerredline1infostealerspywarestealer