General

  • Target

    Battle Seekers Launcher (Beta).zip

  • Size

    29.6MB

  • Sample

    221206-wm15esdg3z

  • MD5

    33f25af7a71e982d293344d549e1c28d

  • SHA1

    2bc58a5e1e6ff65d4cf9bf341de6aebc0f8c1b8e

  • SHA256

    a5267c56fb82258b9a6b99795bfdca4f6795f3f656bbd6f81d8a74fb3002efdb

  • SHA512

    3683661f96b67bc736fa72dc48af5548101dfdaeb5c987aecfde40f768b86658b694d88fafb68dde3e3f6974a17eda4cc3ceea0919b82c0da989d74b4707e391

  • SSDEEP

    786432:4NRXFvLr8ovbmAdovY4eCdMax6rG1dNZGvxfzKwCbCrQYcInb5n:qVFvLvCDegMax6rELIpfz1dEYcAb5n

Malware Config

Extracted

Family

redline

Botnet

xmas

C2

79.137.199.206:45354

Attributes
  • auth_value

    47dd71225cb3a0a92188486269819009

Targets

    • Target

      Battle Seekers Launcher (Beta)/Battle Seekers Launcher (Beta).exe

    • Size

      742.7MB

    • MD5

      2e3d7ad58326f7d176677c1d7202a9a4

    • SHA1

      8f86a8b22b322bc4eefad8a7a472655da441f5d9

    • SHA256

      12adceaa860b6efd9988070d8795a22b9996ca7bdd01135a5d510e2e7732e429

    • SHA512

      b767a835516f3c8adc646aa546b7885c3455ddf99163c8916c4a2b4f5b0dd9fc1bac72db118a834e95c2dcb4c1a5196a18e5bd724ce61b5aac90029664b07ead

    • SSDEEP

      98304:36a6T13ABtnyEZMkEPVcQFU1ko0zPrltOC4tihb:L6T13AHnyMMV9cskkBPb4tih

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

    • Target

      infinst.exe

    • Size

      68KB

    • MD5

      45d4dac07aa361bcd77aa815d1724a16

    • SHA1

      3bbdf7da5d51211ae269572961b5ebf508ada28d

    • SHA256

      34ab99536ea59ad60ba6efda3ea6d18291ef096a0bab3664248d6045805da0ec

    • SHA512

      d940002a8e0112a3b56a909008403b447e9cbb80e38b9bbd508f40aa68224f7e5d9681e1039e747ae939e0829a25be2319b9f9d0862cebb042e4c525ccbc20be

    • SSDEEP

      1536:dSKL6bzRYK/ixmu3XyhJRxjWhKfLXJ/y/Fae:dSKL62K/u3XmxCAfLXJ/y/E

    Score
    4/10
    • Target

      xinput1_3.dll

    • Size

      104KB

    • MD5

      bfb3091b167550ec6e6454813d3db244

    • SHA1

      87e86a7c783f607697a4880e7e063ab87bf63034

    • SHA256

      756cad002e1553cfa1a91ebe8c1b9380ffabe0b4b1916c4a4db802396ddfbef8

    • SHA512

      ce2ead2480a3942081af4df4baee32de18862b5f0288169b9e8135cc710eb128f9a2b8a36bda87212c53fd4317359349c94d38b5da082638230dcb5669efede9

    • SSDEEP

      1536:S1ea+pg4i1fprOwSGiExJ70MBzLrPbYMGsJ0OXrLSkfmrxy/Fae:S1nz1UrGiEPg0LH7GNO7LSkfaxy/E

    Score
    1/10
    • Target

      xinput1_3.dll

    • Size

      79KB

    • MD5

      77f595dee5ffacea72b135b1fce1312e

    • SHA1

      d2a710b332de3ef7a576e0aed27b0ae66892b7e9

    • SHA256

      8d540d484ea41e374fd0107d55d253f87ded4ce780d515d8fd59bbe8c98970a7

    • SHA512

      a8683050d7758c248052c11ac6a46c9a0b3b3773902cca478c1961b6d9d2d57c75a8c925ba5af4499989c0f44b34eaf57abafafa26506c31e5e4769fb3439746

    • SSDEEP

      1536:TVeqvNS6T6jxeEsU6b0xZtDDVb9X8u9JA7zitdrz/R8cy/FaeBD:TVeqvNOeFgxZ9DVVtRBy/EeD

    Score
    1/10
    • Target

      Battle Seekers Launcher (Beta)/DirectX/DSETUP.dll

    • Size

      87KB

    • MD5

      9e0711bed229b60a853bcc5d10deaafc

    • SHA1

      2bea53988bd35c5df5c9edcef0bc234c37289477

    • SHA256

      def6f245762be36cf18b435ba8b7ebc224b9c21d1a1db606a8e8fafdaa97bba0

    • SHA512

      c0b31872e52c8f4270d991c70d1a1c9ef9a4bbee4807c54c05a449cd1607506ab16ff1e74b378651b36e3276322c86cd843565c8a1aa33a49c47322ef4df0185

    • SSDEEP

      1536:OtBqvGpPmOEll4RWxiF9G3ZnVdqkFKJuTJbHo0Xm+jN3i97ZTj4FWMD+ZJqsHPCH:OtAvG5mOEll4Roi2pVVFKJuTVtXVpS9a

    Score
    4/10
    • Target

      Battle Seekers Launcher (Beta)/DirectX/DXSETUP.exe

    • Size

      524KB

    • MD5

      ddce338bb173b32024679d61fb4f2ba6

    • SHA1

      50e51f7c8802559dd9787b0aebc85f192b7e2563

    • SHA256

      046041aba6ba77534c36bb0c2496408d23c6a09f930c46b392f1edc70dfd66de

    • SHA512

      7a63925278332c8e7949555383b410d8848a7834b85f34d659e351ba78cbe4d2ec09caccb2178d801b9b68725c9cbae48a6a1f07f0804a0c41eb51df79b7eca4

    • SSDEEP

      3072:ti6LKecn5W6VOX6dRJar+GHs6Hl56MA6rKmMH2/5Mjt4zT1mFDYkCIEVNUrlfw0I:3F0JarNX6hWs4VRKs

    Score
    4/10
    • Target

      Battle Seekers Launcher (Beta)/DirectX/dsetup32.dll

    • Size

      1.7MB

    • MD5

      0f58ccd58a29827b5d406874360e4c08

    • SHA1

      ba804292580be6186774e7f92e6dfb104e46bf25

    • SHA256

      642d9e7db6d4fc15129f011dce2ea087bf7f7fb015aececf82bf84ff6634a6fb

    • SHA512

      3e3d4f2de5dc5addc86765a2f888487ea0c9ee0208fac60187ddaa9a2bfd73cfd7734836d32805fa43222470c8f6cb9a10e2a099aef72c67ad7c789096e57ce4

    • SSDEEP

      49152:MjnIXtNeOOOOOOOOOOOOOOOOOiWeXiWeXiWeXiWeXiWeXiWeXiWeXiWeXiWeXiWq:YIjma

    Score
    4/10
    • Target

      Battle Seekers Launcher (Beta)/Engine/CompareTamplateFile/new summary.pdf

    • Size

      14KB

    • MD5

      06b1bdd2b5377b5134902264e3e8510d

    • SHA1

      830eda5f9d654e0e3be2a2e392fd858aa5544348

    • SHA256

      7a672f4968e0ad942187d411784a5fcc085ade18a681ca1fdf9217d0ce6cac2a

    • SHA512

      1d9ad92e257d2ace2a0036a5ea4518a8b7b7d00f721e77a16c864732d58c834991d09d24d16c833e3821c04d0125baf89ee78e1960164dc4f5bfb87c2b296a1e

    • SSDEEP

      384:r0oQix62ZmXTCM+M2CbNtOf2RUj37mMzigRpq3JeDVQQn3Z1GYoAcEva:IoQix62ZmXTCM+M2CJtOf2RUj37mMziJ

    Score
    1/10
    • Target

      Battle Seekers Launcher (Beta)/Engine/CompareTamplateFile/old summary.pdf

    • Size

      8KB

    • MD5

      a1038e481049b723eae0cccb16a2be03

    • SHA1

      e1cf008fb7429763dfee7fb42398463251a21cf4

    • SHA256

      312ccb45021cf9df3cbcd56421a259a7c1ee961f9be010871a198c3b9a4f4793

    • SHA512

      292f559e8a7e9366fddb02a0500a2ec58df8017d1a42a104314545e16572e5905102f8093478d298125b100cfec65a16372eb345acee271d0d03bf5dadf2ad8b

    • SSDEEP

      192:P2hD39ovv+BvdpUhLwhVj6ao93kMR/rr/N:P2hD39ovv+BvdmkhVj7g0mZ

    Score
    1/10
    • Target

      Battle Seekers Launcher (Beta)/Engine/CompareTamplateFile/summary Legend.pdf

    • Size

      8KB

    • MD5

      cf7573604f9c1594ae61f860ac3f2c95

    • SHA1

      e6eccdd13c41232377d21bc471c161bf6ec3505a

    • SHA256

      0c50a31f3b69ce9a52a681254c209fa43ad66745198c835ee80b132922344522

    • SHA512

      6581ee1f537c912678182520c9081c3c75d04518f79da39b910f6d4726d38e9f7a5965ed26989c90c36a0b55ddb76d3662f1b3c51912a65d0473bbfe66a4513b

    • SSDEEP

      192:bTJRTGocctDiuQFiiF0FoF8k0YGPq7gVpr:bTJRTGoccBiuQFiiF0FoFP0YGi7+pr

    Score
    1/10
    • Target

      Battle Seekers Launcher (Beta)/Engine/FxCEF/cef_100_percent.pak

    • Size

      642KB

    • MD5

      293d34ba795d03629250b58652a4481d

    • SHA1

      5df428b8b1d8584f2670a19224b0a3a11368b8f5

    • SHA256

      adf4bcc813d9a6adeeff8a65fd671a4e4eec89da6c25e11200b75e1967d1ed27

    • SHA512

      479f18ca723a67356ae80f323584fcc6bae8394f7d018b909f66903d9d2ba926a528cb95e04c4934bce56f8c41c66bc9b94c1765b16925a0eb5e44505fd8e2bb

    • SSDEEP

      6144:lE4wA5HcSjalRrd0E6mdXRU1o5zwVyT5TNhx5c1YC7x10fSucY7OP2ITQ:lE4wAKL5Tbgf1d/dQ

    Score
    7/10
    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Target

      Battle Seekers Launcher (Beta)/Engine/FxCEF/cef_200_percent.pak

    • Size

      793KB

    • MD5

      e4e531e1401a0a1ffb48ab236e5a59d1

    • SHA1

      5fa7d4173d0a43610378ac26e05701b0f9f9222d

    • SHA256

      acff17e021799cbf549cef405ab808eda9b5e5a6ce7286a038aac2f898e2ac1e

    • SHA512

      2979c23778b68c39c2ad20e65671bfdcb274c449d173f49f365691ddf5c4f3692f5820c5f7474f671f1408e34e1f97bd62bfa718cdf8b45af151380817788745

    • SSDEEP

      6144:mA5HcSjalRrd0E6mdXRU1ojDQYaR+9bGHgs4jTl+TNNz73QYV85u/oFYvwoytKiM:mAKwfIegs4jTITDg5u/oFFpxLlFYb

    Score
    1/10
    • Target

      Battle Seekers Launcher (Beta)/Engine/FxCEF/cef_extensions.pak

    • Size

      1.7MB

    • MD5

      ca68b0881edcff3557fe62b8c063b882

    • SHA1

      f6f0a23c371b11730a975c92f5e0d0df734ca9c3

    • SHA256

      e1a0f920670b0dbb35109c64a7e7fcf1e6390b3c80cc1489160f6645eef59d65

    • SHA512

      d31ce7b6f7ab270fdcfd64887b5b9e82843a1ace8f9196c261d6c5181883bd9cea07f0d9df77c9c60e9a1a2b9e14debb9546d6393c3828abf5ea3e9b5a6a0975

    • SSDEEP

      49152:PezU5VhBDew6N0G1hdAKeBkIBak0xHgryM7PdR:a1h8BaJgGMLdR

    Score
    1/10
    • Target

      Battle Seekers Launcher (Beta)/Engine/FxCEF/error/en-US/error.html

    • Size

      3KB

    • MD5

      a80ce5096a8c14231cdc7125c0e41dfe

    • SHA1

      5ed2d7eb3fd5d12e7465c0728934c83443bbc2a1

    • SHA256

      976675c7bbf80db12765a17985f492f3386dea55c11cba78517234218eeed83c

    • SHA512

      06284ad305e89d947aa74bf5f7c30f2243c29396d5f07c3643750ea587ef760d9e2fb663bc7699d4aafab189d05e5d9e20c739e99a339a4ebb8ce4b94b24d8ef

    Score
    1/10
    • Target

      Battle Seekers Launcher (Beta)/Engine/driver/amd64/VCam_WDM.sys

    • Size

      1.0MB

    • MD5

      6c1e9799bb59c10d46172e67e0a026dc

    • SHA1

      a87993d374f2d5e2ab630137a6ca22432f94fc8a

    • SHA256

      ca9842004ab43ce554e7412f0c388d2e8ffd0afcbff89c9cb33b35ae61e49361

    • SHA512

      d8c915062e8c63ecedb042464fced3f27114ebb1b973dedd4cae57c329cca1b1235ba6860e278dd4904207263892770f80c265d3044f43190dcf5901bf87b3da

    • SSDEEP

      12288:q5vidgTuKHn5jDXwisCQNnzZxo7dfmB8kduR3ZeX1m:0TJHn5jIdBNdmJeFm

    Score
    1/10
    • Target

      Battle Seekers Launcher (Beta)/Engine/driver/i386/VCam_WDM.sys

    • Size

      758KB

    • MD5

      2ec85d32b4badab983969c07581790c5

    • SHA1

      fcf4b3e143e3d77606e1988f4a2346b5c2e036f4

    • SHA256

      22c1c454bbb414b503290a7b827bd13b0c2c62a44e29e25e9b27a29fd5765b93

    • SHA512

      2ff5a750f98708cfb1641c7dadf1ac9da983f0aa3b9cf9f73b5601121ffa81cf50d0509516507ec408b5b6b4ca451530aeaac90e15845ae04f18555fcdbce6b4

    • SSDEEP

      6144:xRnPlFB4vdIxaPEM/EOHj+j0CuWqCbHH/jAq99lFXIUSZFenLV6KXI:fnPlsIxUdDU0CuWtr7RtI9ZVK4

    Score
    7/10
    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion
  • Modify Registry (T1112): 4

Credential Access
  • Credentials in Files (T1081): 1

Discovery
  • System Information Discovery (T1082): 5
  • Query Registry (T1012): 4
  • Peripheral Device Discovery (T1120): 1

Collection
  • Data from Local System (T1005): 1

Tasks

  • static1: Score N/A
  • behavioral1 (tags: redline, xmas, infostealer, spyware): Score 10/10
  • behavioral2 (tags: redline, xmas, infostealer): Score 10/10
  • behavioral3: Score 4/10
  • behavioral4: Score 4/10
  • behavioral5: Score 1/10
  • behavioral6: Score 1/10
  • behavioral7: Score 1/10
  • behavioral8: Score 1/10
  • behavioral9: Score 1/10
  • behavioral10: Score 4/10
  • behavioral11: Score 1/10
  • behavioral12: Score 4/10
  • behavioral13: Score 4/10
  • behavioral14: Score 4/10
  • behavioral15: Score 1/10
  • behavioral16: Score 1/10
  • behavioral17: Score 1/10
  • behavioral18: Score 1/10
  • behavioral19: Score 1/10
  • behavioral20: Score 1/10
  • behavioral21: Score 1/10
  • behavioral22: Score 7/10
  • behavioral23: Score 1/10
  • behavioral24: Score 1/10
  • behavioral25: Score 1/10
  • behavioral26: Score 1/10
  • behavioral27: Score 1/10
  • behavioral28: Score 1/10
  • behavioral29: Score 1/10
  • behavioral30: Score 1/10
  • behavioral31: Score 1/10
  • behavioral32: Score 7/10