Overview
General
-
Target
Sоnic_Frоntiеrs_Sеtuр.rar
-
Size
6.1MB
-
Sample
221126-dxxwmscd6w
-
MD5
472f13bd6d30e22b128380007de2bb0b
-
SHA1
f01a0b725e76bdc5d081c5b1403bea96d4abcf2c
-
SHA256
a2766924130f9f5c19eeee078f29d1073c89734cb570775f67d70a95ef6dea1d
-
SHA512
a96af20fd676ea87ed74f86d2375582be8ba26539c3ca69c2bd079e5727891263c8d5af18ee12cabbfb4520e11099539d601d7bd6967d9795f68b069c7182e34
-
SSDEEP
196608:UWf6ASP/zOCeSRMHIdK0zlll4Zj9fBLwJbFZ:cASP7JeSRMIdK0rl4ZRfBwJ
Static task
static1
Behavioral task
behavioral1
Sample
Sоnic Frоntiеrs Sеtuр/CoreFoundation.resources/Info.xml
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
Sоnic Frоntiеrs Sеtuр/CoreFoundation.resources/Info.xml
Resource
win10v2004-20220812-en
Behavioral task
behavioral3
Sample
Sоnic Frоntiеrs Sеtuр/CoreMedia.resources/AVAssetExportPresets.xml
Resource
win7-20220812-en
Behavioral task
behavioral4
Sample
Sоnic Frоntiеrs Sеtuр/CoreMedia.resources/AVAssetExportPresets.xml
Resource
win10v2004-20221111-en
Behavioral task
behavioral5
Sample
Sоnic Frоntiеrs Sеtuр/CoreMedia.resources/AVExportBitRate.xml
Resource
win7-20221111-en
Behavioral task
behavioral6
Sample
Sоnic Frоntiеrs Sеtuр/CoreMedia.resources/AVExportBitRate.xml
Resource
win10v2004-20221111-en
Behavioral task
behavioral7
Sample
Sоnic Frоntiеrs Sеtuр/CoreMedia.resources/Info.xml
Resource
win7-20221111-en
Behavioral task
behavioral8
Sample
Sоnic Frоntiеrs Sеtuр/CoreMedia.resources/Info.xml
Resource
win10v2004-20221111-en
Behavioral task
behavioral9
Sample
Sоnic Frоntiеrs Sеtuр/CoreText.resources/DefaultFontFallbacks.xml
Resource
win7-20220901-en
Behavioral task
behavioral10
Sample
Sоnic Frоntiеrs Sеtuр/CoreText.resources/DefaultFontFallbacks.xml
Resource
win10v2004-20221111-en
Behavioral task
behavioral11
Sample
Sоnic Frоntiеrs Sеtuр/CoreText.resources/Info.xml
Resource
win7-20221111-en
Behavioral task
behavioral12
Sample
Sоnic Frоntiеrs Sеtuр/CoreText.resources/Info.xml
Resource
win10v2004-20220812-en
Behavioral task
behavioral13
Sample
Sоnic Frоntiеrs Sеtuр/Foundation.resources/Info.xml
Resource
win7-20220901-en
Behavioral task
behavioral14
Sample
Sоnic Frоntiеrs Sеtuр/Foundation.resources/Info.xml
Resource
win10v2004-20220812-en
Behavioral task
behavioral15
Sample
Sоnic Frоntiеrs Sеtuр/Sоnic Frоntiеrs Sеtuр.exe
Resource
win7-20220812-en
Behavioral task
behavioral16
Sample
Sоnic Frоntiеrs Sеtuр/Sоnic Frоntiеrs Sеtuр.exe
Resource
win10v2004-20220812-en
Malware Config
Extracted
redline
@cham1ng
193.106.191.160:8673
-
auth_value
296c18e34d670ae41d67c9e09e2546b7
Targets
-
-
Target
Sоnic Frоntiеrs Sеtuр/CoreFoundation.resources/Info.plist
-
Size
1KB
-
MD5
5596ffca74c5aace74655135b7cbdef5
-
SHA1
062b0eeb23e8bd5841afc93681db96dc5c5168c9
-
SHA256
2d4a9e1a4b85dfc33b0393fe0a24f838f9d91771977a430d046d910227fc4935
-
SHA512
27b5bd9416296a16557d6b64ebff3d4ae99065038fd4e5082af1955737e4127b95b5089aa72eb8139d73a43f2f2b9c64a44c9e1fe6754914ebad2760ce06e3f1
Score 1/10
-
-
Target
Sоnic Frоntiеrs Sеtuр/CoreMedia.resources/AVAssetExportPresets.plist
-
Size
90KB
-
MD5
dceae93ac31c07194213df45c1ec6e52
-
SHA1
fe2ef746c9d20a8302b78e6af25601865c3fabb3
-
SHA256
7589ba6518e70636f8d3983704d8218ff4496faf006e02fc1a8f9bb13689036a
-
SHA512
74becd068a96c36f095486a963d9e571c4747ab34ebca71c0cbd1b1eed0a63253e9b18b369abbef62ac420f6909c19696a8bd2ecf4d7ae622141118cd6bbd28a
-
SSDEEP
1536:T7Zsg7DGrddEa+7+NRmzAZmklvA9q8uBXFOmogo3jPwFQBvVS/+O/Q/h2/b/XcrK:S
Score 1/10
-
-
Target
Sоnic Frоntiеrs Sеtuр/CoreMedia.resources/AVExportBitRate.plist
-
Size
13KB
-
MD5
bac154c89a2528f138f3e8df54f08596
-
SHA1
27cbe4dbce5c6e5fc65c18faeb89f883db321e83
-
SHA256
35e8c1eccc3bad0fae187b2fcc505b9324de8d23d6faaf1dad67e137e56ec804
-
SHA512
fa67a5892441cb71a266b06f99af1ecf401b9da3807d6be42d15d12f6ac6e1702cabc8ca476821f1cf4d328dfe97bc05c49ab5f754b4e0aac609236912008fa1
-
SSDEEP
192:X+ik5VUEoWKAFPGYwo0kmq4YL8fbKA1ribKAhG6EoWvz+qY2GlGdpqUwz1jQNoOj:NG9s
Score 7/10
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
-
-
Target
Sоnic Frоntiеrs Sеtuр/CoreMedia.resources/Info.plist
-
Size
850B
-
MD5
6db12b4fc294da06c67f3da1e1e4f71a
-
SHA1
54f018577999af58738b55866e447129e0b3508d
-
SHA256
8f1ae2fd98861f82d4625fdc22a0bf233a777ce7b0780c14637591534000e287
-
SHA512
e3467d1fcc6e361e6f00d549c084783822b704ea2f8464a43310cae5f96376d902d56fea15d66cd00a6f5d4287f6bf0a20cfb744a40f33a4542dd30a9a6cd263
Score 7/10
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
-
-
Target
Sоnic Frоntiеrs Sеtuр/CoreText.resources/DefaultFontFallbacks.plist
-
Size
10KB
-
MD5
19d598c63424bc66845be5810d034ec1
-
SHA1
95ee46caa313e41db312cf9d3980ca75f70f3952
-
SHA256
2180713c84a6fccbba6903482cc289c0024f0b45735593d109592a4355802f9a
-
SHA512
a5e4554c35edd00ee7961c2631091ff9a3ad1990b9164ae75fe7462d813acb6b21f7d4351ab8701a551c949cae17ff65f88a50a650ea5f0603a7dd66ea18471f
-
SSDEEP
192:IsdVqoSJWO21IjQRS/2Og1QZQoYj2Og1Q0oeoYj2Og1QqoYc2Og1QaoYc2Og1Q8:Fr0b/wH24vV
Score 7/10
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
-
-
Target
Sоnic Frоntiеrs Sеtuр/CoreText.resources/Info.plist
-
Size
1KB
-
MD5
c278fec706efa5d99dd2f84e3a588376
-
SHA1
d964cfa33d7941f80ff9cf5c3ae42a3e925fb710
-
SHA256
5d260a252fec8f0ea328bf6df575c40439a355a79bed692b16b1de0bdb41b457
-
SHA512
265b897b24e1b0593c9334bda520eb6c9047879f3550b232f55059d440bba55e55bbfdf6326faf4840d5a523655ec7840416e8bc65038695a302e7f160fb8217
Score 1/10
-
-
Target
Sоnic Frоntiеrs Sеtuр/Foundation.resources/Info.plist
-
Size
748B
-
MD5
69b3130ce593f0ca98a4cfeddd3ef941
-
SHA1
2fc7757dfd5cfc313adab9626816a13a69fb3104
-
SHA256
8e8eb5aae32ba9e37c6c2c2b0312fa33347333072e3fbe11f7f3903955859560
-
SHA512
7c6348d957d2f41aea9ee7001758cc4b04ab8efc68916f9182ff864ed27e142afa6aad3121fef25bb5c28645f4faeccbfbf290dcf8b9cb305aa05118bcd96312
Score 1/10
-
-
Target
Sоnic Frоntiеrs Sеtuр/Sоnic Frоntiеrs Sеtuр.exe
-
Size
763.6MB
-
MD5
1c3cf682c253a5a931a7de2e4be5e67e
-
SHA1
73ac7ba407fc95d0b7121eb0e9499dfbdf3ccdbc
-
SHA256
0ac69838b494dae7b4f64531ad20068d3b66b193858bbf1b4bfcb4e19417714a
-
SHA512
9ed28350ade2b5f07e8efb561563223115527e37c8e656e824fe800bbd99fe4395bc2e76e6441341fe11b8480aed9c72501a1e6bec0cd62b027a73d254816c98
-
SSDEEP
98304:lrl9Mjm6TJse6CiowYIHYLBlrqTaXEV/61IujIAnNu/ppEPlYMr:Nl9Km6TJH6TYI8BlrOki/d7AnmgPlB
Score 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-