redline | 3ba9196c1baee2899a6b3dbc014ea6f6dc08c3ffbefc227684192d53c6c32177 | Triage

Sharing

General

Target

Private cheat for Fortnite DullWave [TARGET, ESP].zip
Size

422KB
Sample

221205-x4yajaca6z
MD5

51d2452bd56872cb41dd12bd344f8632
SHA1

a8793beb98ebcc97738559ef25ed8c4795c52e3f
SHA256

3ba9196c1baee2899a6b3dbc014ea6f6dc08c3ffbefc227684192d53c6c32177
SHA512

c5521fe48cb1465609cf58b4ba1dc69ca2a0e1fe1e9fcf8d217ccbaee15530e4f3121cd64599590f3221b67d8e514f355dbf9d00f69a3ffce594d3f95fbeb143
SSDEEP

12288:PGsk/TAqVoIve9W6CrxfrJPX+PC6wFOFPFDP:pk/TAvlsLrxjJGPC6GOF9

Score

10^/10

redline 2091678429 infostealer spyware

Malware Config

Extracted

Family

redline

Botnet

2091678429

C2

79.137.192.6:8362

Targets

- Target
  
  Private cheat for Fortnite DullWave [TARGET, ESP]/Fortnite v.21.3.exe
- Size
  
  179KB
- MD5
  
  451f5559158fc0a3fb7edbc263049152
- SHA1
  
  350d7a2f95f29dca0e2bb3b14a5cd472dc613dd5
- SHA256
  
  271b0773fbdbd20e458b9f655707de51628db2bf6837a0796f8798408c40310f
- SHA512
  
  5613a04cbc03d9cbb641a696a3c444c1851aeb17b9d9986a21ab717e7200f7de8688b823c31cf615be27730393ea922ba353d39250044fedabfbb5a931601b43
- SSDEEP
  
  3072:rF05pGdbHCa2AhFHjsiQsEcTy4EutWTrMrfHT0NxO:rF05pGdDCa0ATv0rmb
Score

10^/10

redline 2091678429 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Private cheat for Fortnite DullWave [TARGET, ESP]/Game.dll
- Size
  
  121KB
- MD5
  
  f79f0e3a0361cac000e2d3553753cd68
- SHA1
  
  4314bcef76fddc9379a8f3a266b37d685d0adb79
- SHA256
  
  8a6518ab7419fbec3ac9875baa3afb410ad1398c7aa622a09cd9084ec6cadfcd
- SHA512
  
  c77516e7f5540ecd13fa5d8cecfce34629acecd9b5a445f5f48902c9e823328fa9a6694ecaa39f5b6053de61c2b850c2d87df25357548afaad6ec37eb3e5e355
- SSDEEP
  
  3072:bdoECIgjBibgp2tBqL0Y++ruXqMG4ih3lbpMqc:bdoECIgUrG
Score

1^/10
behavioral3 behavioral4
- Target
  
  Private cheat for Fortnite DullWave [TARGET, ESP]/Readme.txt
- Size
  
  63B
- MD5
  
  9cf916b40e1defd57943903b97ee13a2
- SHA1
  
  6aa35a894fe90a5d41bd8f3b1eb980babc38338d
- SHA256
  
  f304c2b41a9186561b5bc45ae581b679698636f32cd3b6d11a7a82409e1f2610
- SHA512
  
  a9d6118022ba854ddd56d59647a6aa615f9be8a3293f2366f5cd292050abf9560e63d94a019d2059c0a22ee63a8463bb89839efa070e5775d3141d6f710a2220
Score

1^/10
behavioral5 behavioral6
- Target
  
  Private cheat for Fortnite DullWave [TARGET, ESP]/blackking.cfg
- Size
  
  359KB
- MD5
  
  f2f6f6798d306d6d7df4267434b5c5f9
- SHA1
  
  23be62c4f33fc89563defa20e43453b7cdfc9d28
- SHA256
  
  837f2ceab6bbd9bc4bf076f1cb90b3158191888c3055dd2b78a1e23f1c3aafdd
- SHA512
  
  1f0c52e1d6e27382599c91ebd5e58df387c6f759d755533e36688b402417101c0eb1d6812e523d23048e0d03548fd0985a3fd7f96c66625c6299b1537c872211
- SSDEEP
  
  6144:QDyJst+jyCnzLp9hvHsPvPvPvS2JQvlojidPp:QDyJsvCnzZf4U1d
Score

1^/10
behavioral7 behavioral8
- Target
  
  Private cheat for Fortnite DullWave [TARGET, ESP]/lan.cfg
- Size
  
  121KB
- MD5
  
  f79f0e3a0361cac000e2d3553753cd68
- SHA1
  
  4314bcef76fddc9379a8f3a266b37d685d0adb79
- SHA256
  
  8a6518ab7419fbec3ac9875baa3afb410ad1398c7aa622a09cd9084ec6cadfcd
- SHA512
  
  c77516e7f5540ecd13fa5d8cecfce34629acecd9b5a445f5f48902c9e823328fa9a6694ecaa39f5b6053de61c2b850c2d87df25357548afaad6ec37eb3e5e355
- SSDEEP
  
  3072:bdoECIgjBibgp2tBqL0Y++ruXqMG4ih3lbpMqc:bdoECIgUrG
Score

1^/10
behavioral10 behavioral9
- Target
  
  Private cheat for Fortnite DullWave [TARGET, ESP]/loader.css
- Size
  
  103KB
- MD5
  
  932ebb3f9e7113071c6a17818342b7cc
- SHA1
  
  9ce2d08bc3840632092325abcc8d842eeb8189d4
- SHA256
  
  285aa8225732ddbcf211b1158bd6cff8bf3acbeeab69617f4be85862b7105ab5
- SHA512
  
  6b6086cff7b916c0c4536e3c7cba4ba17d6c4be2e4a88a5877be852e197f1f9c9c120d1295acf2b4277a9badd8cfd229ef3c1ab2049d0aeec22d3033be156141
- SSDEEP
  
  1536:qgoPBGuyAy52V+gtTLq6ZUc68h8O0SB/XBboIawHUPV5bKLh8sm6b0gl:qgwBGu2IV+ghd68WOxXBbx+5of
Score

1^/10
behavioral11 behavioral12
- Target
  
  Private cheat for Fortnite DullWave [TARGET, ESP]/main.cfg
- Size
  
  103KB
- MD5
  
  932ebb3f9e7113071c6a17818342b7cc
- SHA1
  
  9ce2d08bc3840632092325abcc8d842eeb8189d4
- SHA256
  
  285aa8225732ddbcf211b1158bd6cff8bf3acbeeab69617f4be85862b7105ab5
- SHA512
  
  6b6086cff7b916c0c4536e3c7cba4ba17d6c4be2e4a88a5877be852e197f1f9c9c120d1295acf2b4277a9badd8cfd229ef3c1ab2049d0aeec22d3033be156141
- SSDEEP
  
  1536:qgoPBGuyAy52V+gtTLq6ZUc68h8O0SB/XBboIawHUPV5bKLh8sm6b0gl:qgwBGu2IV+ghd68WOxXBbx+5of
Score

1^/10
behavioral13 behavioral14

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline2091678429infostealerspyware

behavioral2

redline2091678429infostealer

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14