redline

Sharing

Copy URL

Twitter E-mail

General

Target

Internalinject0r_.rar
Size

1.3MB
Sample

221008-mgyyfaefhk
MD5

9e05b4652b54c42ff3a5a4b83b49c70b
SHA1

471687b9d736013f2e6bec07b4b496488e52af52
SHA256

151adab32ef2ff5ab351a4b933b067c72c967dd5aa86c6d260338d953afeb5fe
SHA512

c83a1ea05ad5df4fd67f55f4b05d8a2e140c0ca9a04b8d93fd3813e28a3ec5d3cad7b7058ca8d3c71bbca7ee268dd22a7fe5f55e597f68cc3677a2697120811e
SSDEEP

24576:5C31PYndN1PHAzB5cXYF0muTSsIyiIPcrfBaFBdt0yFnrMjaqCJCGT4HA8BW:5CFPkZ/aAYiriIGatbZpvJh4HAAW

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

@nmrzv_8

77.73.134.24:80

Attributes

auth_value
1eec868816c2feca6b467734d7cb723e

Targets

- Target
  
  ByteSize.dll
- Size
  
  14KB
- MD5
  
  f0ec21d51fe936e4a69e3069c33bfacd
- SHA1
  
  0f8e905a25a313d2c1fb1320a8fde82bf72146e2
- SHA256
  
  03178c41b7923db4e2407f6b7dfe04d81223388f797a8caa67e98b099382688f
- SHA512
  
  122644906fc044ee562681b06754ee8a380960f2769876aaa368f643e60a2c6cf8125a4dbd60886592802a45e2762a21e147a43c0bc0dab60802c17205ad6634
- SSDEEP
  
  192:2TiiAVQ9/BRlo5YqdFxhB55RRFp+tCTaOhtM4sAGyKE2C4ibE2LWEgXqwnjaWbVu:jiAV1OKFRjvcBio2xgnnja6rYSbA
Score

1^/10
behavioral1
- Target
  
  DeviceId.dll
- Size
  
  23KB
- MD5
  
  3ac4985417b20d37dd37b2bc600c6aae
- SHA1
  
  fc24e7842624b902fdc86714b530c06b317566ff
- SHA256
  
  d72f6a6b2f5354cc54bebace2e61c0bff845cf39676a6672eafbe3c3619ae1b1
- SHA512
  
  07cc8a70d2e41318689e2286185fd143e690b1c87654978463e97de43882d3a3635c9b7bd82647308f0c7c825392528a7764ffed728e0970aad7daf3a8c681f3
- SSDEEP
  
  384:ThVlgGrFM7lS19UdQgZjLe55hCCCCCCCCCHCqfNd18TsqqVLinrZEm6Rf3juC:ThVKGrF78dQO3odYNd8sqqUnrO7Z3jl
Score

1^/10
behavioral2
- Target
  
  DotRas.dll
- Size
  
  195KB
- MD5
  
  d13685b2f68d04bd58def62ca4cead67
- SHA1
  
  adaa8520e6caabef4cac9b828895ccf4996e1dd8
- SHA256
  
  51f656bf3190fe0db9b6de9fd5dd047e1a346bc3158095ec76309bf62320274e
- SHA512
  
  b25f8c0a70281c102956f16bab3c5d2f590c609f3ac708ca662a87a3fd68a1bf47f7647e29a2abb5d224f78fda13b0262f69bfa8d81ade3b46899096b8357e76
- SSDEEP
  
  3072:P+/nXzPL+Qh06+1KJWJvbOrc9pVrv0TE/uNXPsnJQOKTNpxDWPfzkJJC57:W/Xv+QGishOS1vCE/ukM8
Score

1^/10
behavioral3
- Target
  
  DryIoc.dll
- Size
  
  556KB
- MD5
  
  51da0fb115978870de2df6553a3c9dcf
- SHA1
  
  ebd85785fa472292b9fc3caaef528c65d448537c
- SHA256
  
  c9454574c1f7487c1b52f159354ab7b716e5d3ae28dac52d6298400c3f61614f
- SHA512
  
  1a81582ce66a5bc1f58bf6d316c078c4d1275978bad04248a6b7467545fd1c9d6e66f90fe041307527f9fa81bbb28debbbb8cdd10dc93579707cfd28b627179b
- SSDEEP
  
  12288:rd26ViHc1UbUGck2CIKy3eSyC8NH2FggyZSRwmOzfT:rCc1UbUGceyU2Fgg6mOzf
Score

1^/10
behavioral4
- Target
  
  Loader.exe
- Size
  
  366KB
- MD5
  
  d46101844376994b61c19ea15912979d
- SHA1
  
  ef31093a80c6c25ec5a4f2324453e0b8aecc6166
- SHA256
  
  c6c4a2c8e5485d5021b74517948d39ffcff969405d8b26ebfa564a017dc61095
- SHA512
  
  a80a826e99f70363646368f02994f35258f41c2be5a77dbf5aac155470e071a9c927fe857841160370f277d1c5acfc3db0e13b397f6f23902381fcd04b4785c3
- SSDEEP
  
  6144:UmtFN9/Dzh8Wm6XtPCFbCbBBBB0y8ZvtoPEn+gIzqVJrBBBBBBBtchweBBoBBBB2:UmtFN9/DdkFbCbBBBB0ygymywBBBBBBU
Score

10^/10

redline @nmrzv_8 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral5
- Target
  
  language/de/IPVanish.resources.dll
- Size
  
  7KB
- MD5
  
  8f41105d6f33dfcf371d48f3bee7e7b2
- SHA1
  
  b9cf01d7f16b19844268d74562dfc40429fafc0e
- SHA256
  
  44a55e777f336358b57ab405c7b971d3c83a3614bd4656e5c6104741b726e9ee
- SHA512
  
  35a8e5023587c8a089cf036a4b8bedca6f4ad990b0defc16a3a33073fa220eb5e9f687a0eb6752e85c0cd2c514032ebb5821e349578f3fa9ad9bc67a12e3e904
- SSDEEP
  
  96:Jkwo4TMC08TKQn1et1gSRwLBcWPbBs2/46S6Kqi0glkZXzz+:Jkwo4BN1igSRwLBcGbBsv6S5+Zzz
Score

1^/10
behavioral6
- Target
  
  language/de/Microsoft.Win32.TaskScheduler.resources.dll
- Size
  
  9KB
- MD5
  
  98d205dce86345119c26351d3e18eb38
- SHA1
  
  d3da9a70ad2d81b9a0b21335a959498223b2a2f8
- SHA256
  
  e6b8001eaa217e5a4568d30b022a736902aa68fa094c3188a50943ca14a4a1a8
- SHA512
  
  407c4546440724478d36f64c0388e6188e0a7aa95ffd30282bfd84bf10c5331ef1b714956de64fa3723d80d47804b3ae3d3900498c0581a155fdc3e0f84385f1
- SSDEEP
  
  192:LxiAN0xENtqVeFseIS+iyOdv7ZJSqSi/u4noo1OSM5rLN0XWr:LsAN5FNIS+iyOdzZJSGuuop15rLN0XWr
Score

1^/10
behavioral7
- Target
  
  language/en/IPVanish.resources.dll
- Size
  
  25KB
- MD5
  
  d48dfc078f7c6981e43a5b7a27b5cbb3
- SHA1
  
  c76b65fd73edd6d58a0641d861ac29f287fb1803
- SHA256
  
  cab316e53f49965b827aa53de41c1398c7642b677ade833858e5bb0dfaea1b43
- SHA512
  
  c2d320ec7d0c99c7e9f1a17d6e50173431436ed62dbc4b574867e4615f61392d2dfc1fa866d7c470fc04875c02355b229f5fdfdc852409805362bf659586470f
- SSDEEP
  
  384:JfHshUD0HdwjBC4u8ggJH1ygD/m5dxkHT5Oa+T9agmES6KwLR24C6lt2jzz:zsqjBCsZJH1sdaHThg1YwU4CEYb
Score

1^/10
behavioral8
- Target
  
  language/es/IPVanish.resources.dll
- Size
  
  21KB
- MD5
  
  d53385030ac6a5d1afb006b178364ae5
- SHA1
  
  a22327a2904b9ff671c3d48b3f2b0c90599eb31c
- SHA256
  
  f4bc56f6690f71fdc4ad97135574ef904ec1a0982fd0c8100f6892f788457464
- SHA512
  
  745a1aa8eaa95b1d707baddfc76c7ed35e096e46f5408d0021815cc293fd2ce10280932ded1636c3d31037b0e14f853af9806ea3f34d5f541c5cbaf6c0c9428f
- SSDEEP
  
  384:0K1j8FkkFaetTtLTG1aebdbfT6eHA+D4nMhkCIeHj/lpzz:Zjb+aetTxYaebdX6egpnMhkCIezlB
Score

1^/10
behavioral9
- Target
  
  language/es/Microsoft.Win32.TaskScheduler.resources.dll
- Size
  
  9KB
- MD5
  
  5ae3197d050bb596a7070f1d83070193
- SHA1
  
  a0a6d735a6d69510c7c0adb052c3f82235b9e245
- SHA256
  
  3d9a5db39f25616fb83340b8562d3e3867545b6c31c74dadb6bbc28de32d6cff
- SHA512
  
  0df1c5079c647ac707f6b694d23ae58251729b26c795e84d6c2242d5f1168f68d00cb21d82c73207d438ecfa3ed99e0a726360aeda42c1146297ca3353020bc0
- SSDEEP
  
  192:G2iAN0xEStoCotvVwjOjvZcMTPCb+BE00cUnhnto1OSs5rLN0XWr:EAN8oNVwjOjv2MTCiE00catpV5rLN0Xq
Score

1^/10
behavioral10
- Target
  
  language/fr/Microsoft.Win32.TaskScheduler.resources.dll
- Size
  
  9KB
- MD5
  
  9b31529185787120d9a65a1a2301aa23
- SHA1
  
  c3a9648732603f18250aec1d33bd4b7f8345fccd
- SHA256
  
  e31435d366c497b1569b205a084c0e8a2d13e30d1a0933053f86e6d6ff13ebcb
- SHA512
  
  72e830dc3f1c670cbf55dacfdaef6cc9a55f9c4bea0c86724470716f9b7d276290a3a1ede32b281253f5a873adb90ba57621ccc8c6c00c832a0e8b6168772200
- SSDEEP
  
  192:LWAN0xEYtPaB3iaJhW/ZFnOneII0HYZDKz/Cn185o1OSf5rLN0XWr:iANTB3iaJhW/ZFnweH0HYZDly5pG5rLL
Score

1^/10
behavioral11
- Target
  
  language/hi/IPVanish.resources.dll
- Size
  
  4KB
- MD5
  
  6a9da8718fe4b00fd8773008d28d9e0d
- SHA1
  
  8fb495382b4ac5c8fdf3d64a87ff28dfce2cbd46
- SHA256
  
  47eea4a61d6cd6afe2e45c058d005ad0ddb4289ca20fc9838371d76acf39db44
- SHA512
  
  7825e1baf0a121c0f896e95fe0e9a9e7a302f7e709320c8f2b31711a3bf80e57cc48081ca43026447c0ba2c08090747b709948c83c59f2183b48d429217d54c6
- SSDEEP
  
  48:6Tt3zQGsHHfSQIkHk+6yF7r7ANlhpW8lq8l1weJClQLxgsXVZ8DelXMJwPm+Wr:ct3rYLEdaHAvLFlm8Xzz+
Score

1^/10
behavioral12
- Target
  
  language/it/Microsoft.Win32.TaskScheduler.resources.dll
- Size
  
  9KB
- MD5
  
  1886e73d5e8cf236f02f5d255ce6cd5d
- SHA1
  
  67cc25a6b3447c4bb64f3ca887f57b0fed31a0c6
- SHA256
  
  612ad47c992d0a7070b47637f04d676a4b34884c7dcd13046b0902d115fe4932
- SHA512
  
  9d58aae2488fb976ae7196357de7f75e94e5c852d0d287768cc41c8e990c2102097b00f3a881c14f96a769fd0c77fd247b83305ec9e23d7f5e6b98a17792d84f
- SSDEEP
  
  192:EsiAN0xE5tyYFGd+L25mZy/07Bneo1OSs5rLN0XWr:EjANpFGd+L25mZs07lepV5rLN0XWr
Score

1^/10
behavioral13
- Target
  
  language/pl/DeviceId.dll
- Size
  
  23KB
- MD5
  
  3ac4985417b20d37dd37b2bc600c6aae
- SHA1
  
  fc24e7842624b902fdc86714b530c06b317566ff
- SHA256
  
  d72f6a6b2f5354cc54bebace2e61c0bff845cf39676a6672eafbe3c3619ae1b1
- SHA512
  
  07cc8a70d2e41318689e2286185fd143e690b1c87654978463e97de43882d3a3635c9b7bd82647308f0c7c825392528a7764ffed728e0970aad7daf3a8c681f3
- SSDEEP
  
  384:ThVlgGrFM7lS19UdQgZjLe55hCCCCCCCCCHCqfNd18TsqqVLinrZEm6Rf3juC:ThVKGrF78dQO3odYNd8sqqUnrO7Z3jl
Score

1^/10
behavioral14
- Target
  
  language/pl/DotRas.dll
- Size
  
  195KB
- MD5
  
  d13685b2f68d04bd58def62ca4cead67
- SHA1
  
  adaa8520e6caabef4cac9b828895ccf4996e1dd8
- SHA256
  
  51f656bf3190fe0db9b6de9fd5dd047e1a346bc3158095ec76309bf62320274e
- SHA512
  
  b25f8c0a70281c102956f16bab3c5d2f590c609f3ac708ca662a87a3fd68a1bf47f7647e29a2abb5d224f78fda13b0262f69bfa8d81ade3b46899096b8357e76
- SSDEEP
  
  3072:P+/nXzPL+Qh06+1KJWJvbOrc9pVrv0TE/uNXPsnJQOKTNpxDWPfzkJJC57:W/Xv+QGishOS1vCE/ukM8
Score

1^/10
behavioral15
- Target
  
  language/pl/DryIoc.dll
- Size
  
  556KB
- MD5
  
  51da0fb115978870de2df6553a3c9dcf
- SHA1
  
  ebd85785fa472292b9fc3caaef528c65d448537c
- SHA256
  
  c9454574c1f7487c1b52f159354ab7b716e5d3ae28dac52d6298400c3f61614f
- SHA512
  
  1a81582ce66a5bc1f58bf6d316c078c4d1275978bad04248a6b7467545fd1c9d6e66f90fe041307527f9fa81bbb28debbbb8cdd10dc93579707cfd28b627179b
- SSDEEP
  
  12288:rd26ViHc1UbUGck2CIKy3eSyC8NH2FggyZSRwmOzfT:rCc1UbUGceyU2Fgg6mOzf
Score

1^/10
behavioral16
- Target
  
  language/pl/Microsoft.Win32.TaskScheduler.resources.dll
- Size
  
  9KB
- MD5
  
  ed64b973afcc4728c1fcc8667239f06d
- SHA1
  
  6c472da59bc6ea3516a537f866890d43b704e430
- SHA256
  
  aeb22450eb2546824e57eb33e60c9456b2d22b65fee1e56e53a704d90f230626
- SHA512
  
  b10a4510aa985779240d4ed8f23bdcb1f1952815cc7fdea6b6c73372f59cc3d3cd1ec1f89d04b5acfbafe14b04227e7d2a02745747c7dd7f29016c6f1870a240
- SSDEEP
  
  192:ZaAN0xEYtqBoQPqeEKYeCBTrQsk96NnCo1OSD5rLN0XWr:ZaANLzPqeEReCBTUsk8Cpq5rLN0XWr
Score

1^/10
behavioral17
- Target
  
  language/pl/e_sqlite3.dll
- Size
  
  966KB
- MD5
  
  1aa2fb5e420379a7a50cd650232c6a08
- SHA1
  
  e9bb12599f60032a160a00a04203bd73680940cd
- SHA256
  
  9877f703ce3fb9669d656d24726159b616b2df25522225bf41bfafe89954c58a
- SHA512
  
  f908c146cc7299815424debe4d40643864ce442eb30adf148ce05dc2f48e8a9db0697943af55b1c5260f5341ebce57cd804a7b19e71b66510bac085a3f800a59
- SSDEEP
  
  24576:FNtiWRtuKKPAq5NY6VxFKolweGUbqf9CTfO3eo2:FNttRtuKQ/V7cejNpo2
Score

3^/10
behavioral18
- Target
  
  language/ru/IPVanish.resources.dll
- Size
  
  30KB
- MD5
  
  003dbf4594f6c13bf37ed49fb7ffc468
- SHA1
  
  b721f597f0005c5eaec6f8745dd6cad1e1acbfdd
- SHA256
  
  366743411849818da513713cae61e3540afa3bfd64ac0fafda51893d38f66bd5
- SHA512
  
  33218d386ad9f76ae9b7b6c79cff59e649f2e7e3a2e5d409e68fd495ced2e433c7a8b98788db1f5ccde3d97eec91b7aa2031aefd52688d6b3cd9e4e0bdf64630
- SSDEEP
  
  384:0hVT/0elXG53F4W1FVmC+SLKub4Yoh9N28oZrQ2NOhJ/PkBM0aJplEzz:q7xXG5V4aX+Vub49hf28F2No3kG0MXM
Score

1^/10
behavioral19
- Target
  
  language/ru/Microsoft.Win32.TaskScheduler.resources.dll
- Size
  
  10KB
- MD5
  
  683921fde50ad5c38714c04597122354
- SHA1
  
  eef839681155ac1b81fc8b1906dc87eea13e6b8e
- SHA256
  
  e853f9426a8c3ea3d8e92cec9d177547c7585a0182303f530235f65f998b907a
- SHA512
  
  1855990c4096cbc52e58a0ba1920737626b3b33be1e7e8d552bb738fa029410e5b3b71dd8d2adc1a5ad64f5451e74dabb6f3b9a09aff3d67b9692693beaf95d9
- SSDEEP
  
  192:ZmAN0xEfthbUQcwwm9IP9A4O6390Pqn3fwB/UnTro1OSF5rLN0XWr:ZmAN9FHwm9IP9Ac6qnYVanpc5rLN0XWr
Score

1^/10
behavioral20

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

Downloads MZ/PE file

Executes dropped EXE

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20