redline

Sharing

Copy URL

Twitter E-mail

General

Target

Kiddions_menu.rar
Size

36.0MB
Sample

221202-hmjngsga51
MD5

82b50c3e1e2cda2e69582b6bc2e9c63d
SHA1

78fe0f2fc98a858802bd9319dd497c4dea1eb828
SHA256

90435781fdc2ed824e908816831889e546ef4a1bc26648b997d8076899e51c60
SHA512

ca0298d1127077200cdfbb1503cfb77396dfeffe1a9f9fd24347b958d817495645af1f6c37af740a1d4892f72d04e40a495d7980f78ead3c9fd8ae408e305b4c
SSDEEP

786432:eSUfBKSPEZG8mAuldjP4okg3kNrI6ozSfTV92vSK63zxxb0v4oQgCEbj:yEg77jPg7snz8BXKKXb0PXj

Score

10^/10

Malware Config

Extracted

Family

redline

193.106.191.160:8673

Attributes

auth_value
e90ee6e281f917587c9bc282e17aa665

Targets

- Target
  
  Kiddions_menu/Kiddions_menu.exe
- Size
  
  218KB
- MD5
  
  a6ada6ba29f4fbf8c20cceddadcff9b8
- SHA1
  
  d90b28467760b83cf30ebba26c9cd87737efa488
- SHA256
  
  cff44386905033da5a33ea46b174af26fbf8f8ad02de7eebbb3d59c33bec0f7d
- SHA512
  
  0d007923f753af84b20f1ac1585c6892abecb8f7694069f7ff6abacdb2178d065bd8dd94cc7479dcf8add7918d9d32221513b2e24821dd07f260a0eb7cebf0ca
- SSDEEP
  
  6144:MuBvroUuFpBnLgf+NkUeP8TcmTzajX8M6EOudI:MCcUWjnLZ/ePicmTz+8MjOue
Score

10^/10

redline infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Kiddions_menu/Readme.md/lib/pdf/reader/afm/MustRead.html
- Size
  
  937B
- MD5
  
  2bcb27a017c3df27ee4fdfdcf95a4eb9
- SHA1
  
  7ed402c90f4168f75aa251697997ebd6051d8f3c
- SHA256
  
  b226bfc00e1b8b8a80c7b3cfbbc322d13b4b0401f94cdeafdd93b2210ad802eb
- SHA512
  
  f216004aea78563bfe506ab2aedeababd17919db7c4a51924ea01473bd75de61da98b0d08d629771ab0e0ef77eba978faa08a4dbe17230d692e1a56b7560ec33
Score

1^/10
behavioral3 behavioral4
- Target
  
  Kiddions_menu/Readme.md/scripts/require-strict-typing
- Size
  
  712B
- MD5
  
  a39a8f3bb9bb973a350df2661227cbcc
- SHA1
  
  9f2a59393f7c33cf6ef858134239ac018bc01fd6
- SHA256
  
  a9686a126d19e45e449ead33a0b46c32d5508966d81651f6e8f26653f1942b0b
- SHA512
  
  6459a5313ca5dec35e2eb85577afe0fccd5f93edcd852929c7d7782311dd517d8510a6a2209d4197f1ead72addf3ff5641830210192ce0f4ed8ece7005dffa8e
Score

1^/10
behavioral5 behavioral6 behavioral7 behavioral8
- Target
  
  Kiddions_menu/Readme.md/spec/data/20070313 - 2nd Laptop Battery.pdf
- Size
  
  27KB
- MD5
  
  be3427795b673615e42f89b9043d44d9
- SHA1
  
  9cf4b4b3f312894a0a49157c40ca623a7c1b5fb2
- SHA256
  
  764d06d90fa96d89f770693bf91e165a433d2f86786174f88f2590e24549593d
- SHA512
  
  95d45928874c2932c44149c86ea45e86591dbbc1fef1f1ae52a9d45ca3d8a166c8ebbc0cdd06c0fcc102174b4015095417ec91677951eb414dd40ca188d85571
- SSDEEP
  
  768:R+fCGsC2nhdy/SwZkcjNTar+e0X6huWzjwXBs6RW7v5E8b:AsC2S/Hk03VT66VcdZb
Score

1^/10
behavioral10 behavioral9
- Target
  
  Kiddions_menu/Readme.md/spec/data/Genshin Impact hack.exe
- Size
  
  34.7MB
- MD5
  
  40c648be1cdb914d5f2532158b6949fe
- SHA1
  
  911d373736159ba5e8155f219304ad2d5e22ca5c
- SHA256
  
  4932fff36f5d65e1921ac16656ed579e851a5df412565efb09720a14d6d622af
- SHA512
  
  8e2e6dd69bc73edcc343cdcb5af635a9e8c7a2a2309944487cd503cf59a74bfb0c1030c719f9e2192a51ded6b390ef0dd07ef8b8c670d32ef862e40c83029de5
- SSDEEP
  
  786432:g+gX4BMdhwzTQXR5FbPp6FcSS5U/LT2KLVy45S31gDvl5dQF3MGsc:mXGMK4XR3bLSCU/+Iy45SSDvTIMGL
Score

7^/10
- Loads dropped DLL
behavioral11 behavioral12
- Target
  
  Kiddions_menu/Readme.md/spec/data/TJ_and_char_spacing.pdf
- Size
  
  905B
- MD5
  
  8d2a7d485f95f3bc45187c1cf38330c2
- SHA1
  
  5196a278169f5810bf4ff017c3a24d4fbcb398f2
- SHA256
  
  3aee0f9374185038e5a6d5bc6659a55b96ebe228fdc509bebb9aa98c738f5ba3
- SHA512
  
  d24d84908466373a6a72d61edd0129fad7e789eeaa9ec932bec71c46250f911f6dec23764b2f9301a4e829d4ee855788e6801cc4acc2994f6512cc407620cfd4
Score

1^/10
behavioral13 behavioral14
- Target
  
  Kiddions_menu/Readme.md/spec/data/TJ_starts_with_a_number.pdf
- Size
  
  12KB
- MD5
  
  83501b5c507cdddbd9283ad2003c885b
- SHA1
  
  c2870ba45dee480651ed998249d9d3e6a61d8057
- SHA256
  
  39ae54a3eee214c22ebf1388f546d0f57047295a83dbd19a3a3afe1758a68f7e
- SHA512
  
  8e19b3b2a41f75bb77f8f794ab999ed0d9bd4d39142e61bc80f39516e5756b9c03907ca35bc74d1684a18e1b4df5bfa17d7d553b8bf1da474f6f1ca86ec8bf14
- SSDEEP
  
  192:hzzwbQI0EsXoscERrSuXCUfEZqh9dGAZKc5HkcKdzYEWYFDUUSxSkiLlC3L:5wbQgqX19dGKRvSYE8U4dpL
Score

1^/10
behavioral15 behavioral16
- Target
  
  Kiddions_menu/Readme.md/spec/data/ascii85_filter.pdf
- Size
  
  20KB
- MD5
  
  49502f60a3f058e20d0564312c9dda2b
- SHA1
  
  d7789444357ae75a508ff738281eff086f64f1e0
- SHA256
  
  b39396944daf2ac9ac56f41d1d25db350a4455111b98938c8968c1bf48d85116
- SHA512
  
  e67ad3ef62337017ac9e0e154018b3cbc0bd933dce2dcf99d8b59ef4dc9c55b120263689d7289a1277687f29dae0eb9ce3540698a3a6d59fa4393069cb993b42
- SSDEEP
  
  384:MlKsjMlprbx1n6wdWJNVbdlV6+QTOFWQnZKkMbyOL78:MHMlprbx4VbdlYWWQnZKkMbyOLo
Score

1^/10
behavioral17 behavioral18
- Target
  
  Kiddions_menu/Readme.md/spec/data/cairo-basic.pdf
- Size
  
  9KB
- MD5
  
  88be82e60534bfa5f85b9ec0697ec6d6
- SHA1
  
  1e3047499b272787fafd12606fd9478fac49b3b2
- SHA256
  
  d480da287a92a0d197523fb77253d1bc90c72123ed126d7919cc053f612b9d14
- SHA512
  
  4f97655c0d3f0f8a88672d589487aef5bfdcc1341076de940c3c7a2e53ff9ab9ea58d06bd91c2ac28f60e18684e0d0e730a4b4f2218865e9f0802cd9f3c2c821
- SSDEEP
  
  192:ntbuMopPMifjYCPKwVOocJZSk4F6sU+2d3Q8Yp0BZPMMCArDA6dXI:tbulPMiM+VOtJZl+2d3BYp03UnArDA6y
Score

1^/10
behavioral19 behavioral20
- Target
  
  Kiddions_menu/Readme.md/spec/data/cairo-multiline.pdf
- Size
  
  6KB
- MD5
  
  a4cc434461064dd84a0c3ccc4f473fc0
- SHA1
  
  2faa18788ce85d06285851239910304d506b5e9b
- SHA256
  
  fa00502ab667d77427ad25a08528efbcc6403a3edaae3d62b669712eafa11137
- SHA512
  
  498ab622255c1ca79196a57373aab9b112a7f6efb01faa9c16c28ebec523f044c2e20dcf1c9d11ced55df742fd97b82cea4e1c5337beb6229a81df7840192e61
- SSDEEP
  
  96:IzMk2bIqHOWbWLG57G1FRsPRKjhoLNjdrFyb3syKntRBgVaT1sU0u0Um1nk1:IY/yLGARsZKSNRrFyv0BiaT1z051nI
Score

1^/10
behavioral21 behavioral22
- Target
  
  Kiddions_menu/Readme.md/spec/data/cairo-unicode-short.pdf
- Size
  
  6KB
- MD5
  
  1a14e09a6c7846b9ea0e619e064403dc
- SHA1
  
  93d1d9064d79c9a5b8d3414cf58f59834bc4d394
- SHA256
  
  051fe846440a731bb5f1c4f691e58d06c6e36ddae71431a0469f50466854d16c
- SHA512
  
  e5b886acff44d7e618a029764c9dfdfeb456be351a380d6d4235f329e8ebecf23d0be4771cbb0039732798efcb3b42f4b4959f933b801d3ca53996f61d0d833d
- SSDEEP
  
  192:ny5vu3W61E6ZCPvZtKSBc3Q8Y9JxEpcXD91skDx+7S:y5vu3LA3Vc3BY9JaSh1skDx+7S
Score

1^/10
behavioral23 behavioral24
- Target
  
  Kiddions_menu/Readme.md/spec/data/clearscan-with-image-removed.pdf
- Size
  
  21KB
- MD5
  
  e23e6771ff494e4c16a4c58a72c36aea
- SHA1
  
  0c86038cd9cbcbeddcf4a7023aed320d86f0241f
- SHA256
  
  9d8e3994e70d41ebc1bb0ecdb0fdaf133c0d6701f743e933f9666b9f40faa4e7
- SHA512
  
  5619a833a7e86fa50b995bdb062c3517dc6cc9335a5c5ad968b1fe5bb991bd987f72f007438a1088c3316ec5d033aeb0a7755f4d7e98f0db452a9b937adba986
- SSDEEP
  
  384:9Bbq41koLiBkayWMhpVQQdV8xgkTBZshB8qlzljlYIl2WcQzyL3g:9Y417iuZhjQQyguZsMqlzljlYIl2WDys
Score

1^/10
behavioral25 behavioral26
- Target
  
  Kiddions_menu/Readme.md/spec/data/clearscan.pdf
- Size
  
  13KB
- MD5
  
  d7b929232c52193d02dcc5e7a4bee015
- SHA1
  
  7a9d1bdae382d9319c509cf72f26e8f0e12c6b21
- SHA256
  
  0b48f71d85debccb1552993d48423a0d01d5fa235f233ae576718d66283ff326
- SHA512
  
  65bfc9a1bd72288204758c0e00da16a7d691b1e2604c34d04a9c3727bbd249ea3f2ea52b9a4682f8fd22016f72de28029375ada8f2445109e77340fb17a853e8
- SSDEEP
  
  384:q4s/y41koLiBkayWMT209MMyl6E9+T9An6bc:4a417iuZTf9EW946Q
Score

1^/10
behavioral27 behavioral28
- Target
  
  Kiddions_menu/Readme.md/spec/data/column_integration.pdf
- Size
  
  56KB
- MD5
  
  c0b40f59ad663b80c5a234174639f680
- SHA1
  
  057e3921630e02b59e2d3df35fa4b62c8475b110
- SHA256
  
  69f3ad82336e4a5450510785c732c7b5c101436d728b41b9dc35024680982a2f
- SHA512
  
  c3865c71be6d032c0eaac41a111d59140bd97bbf51d19ed24c6f89cc31c9f4ee850c399b7b98883699d86ee5a470b34c6716a574f54b4716f69935096769aff0
- SSDEEP
  
  768:52dNNo5jd5MwWCHgv37sOi1aOEhV2S0+SadoIKQrYqdpIqW97cZqKfblVxKlCFdO:52dg5j8bCyoShV2SndoxQrURKfJa3
Score

1^/10
behavioral29 behavioral30
- Target
  
  Kiddions_menu/Readme.md/spec/data/content_stream_begins_with_newline.pdf
- Size
  
  910B
- MD5
  
  6c447a7c6c99eb2b984ab2fd4c8d9c61
- SHA1
  
  9a2b42df0c12e97752a32589fd8d596b9505e30e
- SHA256
  
  f01de4c5aef0c1344b95586dbaa2d53edcf0decf9ffa40d4754b38c150e74a91
- SHA512
  
  2812beeaa8f650984a3f51ac7ed444f514f478b3847b98282b8e0dd700027043fde75b738cba6013c161cadbece07aec1de3c833782fc026e9c7cb2a1704626b
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

T1064

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

Uses the VBS compiler for execution

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32