redline

General

Target

BLTools.1.9.zip
Size

3.3MB
Sample

221230-nbtxzafe46
MD5

197b40946152f7f788009dab2af4702a
SHA1

51513f4e3795567221c4bfb658d3c32345b33d56
SHA256

e0ab9594571ed1a380313fc0d580cf7a9462270b8891e581285f68b5fd1d58b8
SHA512

d95adfa85119d76fa94629a1bd3a82b092728c12dd97cb1343f6efebf018728bdfce431820e449805214e9d453a8896711e752a84956207e5ff9c3d77e13665d
SSDEEP

98304:ojir/gkRR2K4q+PVcWalKO3/yYWY4hPqcXV/LO:ou/5Rp1WalHPz0hPqcly

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

@dwqmosh

C2

neredenkyor.xyz:81

Attributes

auth_value
a94b13695bd4053b8b47b0976366da25

Targets

- Target
  
  BLTools.1.9.zip
- Size
  
  3.3MB
- MD5
  
  197b40946152f7f788009dab2af4702a
- SHA1
  
  51513f4e3795567221c4bfb658d3c32345b33d56
- SHA256
  
  e0ab9594571ed1a380313fc0d580cf7a9462270b8891e581285f68b5fd1d58b8
- SHA512
  
  d95adfa85119d76fa94629a1bd3a82b092728c12dd97cb1343f6efebf018728bdfce431820e449805214e9d453a8896711e752a84956207e5ff9c3d77e13665d
- SSDEEP
  
  98304:ojir/gkRR2K4q+PVcWalKO3/yYWY4hPqcXV/LO:ou/5Rp1WalHPz0hPqcly
Score

1^/10
behavioral1
- Target
  
  AlphaFS.dll
- Size
  
  359KB
- MD5
  
  f2f6f6798d306d6d7df4267434b5c5f9
- SHA1
  
  23be62c4f33fc89563defa20e43453b7cdfc9d28
- SHA256
  
  837f2ceab6bbd9bc4bf076f1cb90b3158191888c3055dd2b78a1e23f1c3aafdd
- SHA512
  
  1f0c52e1d6e27382599c91ebd5e58df387c6f759d755533e36688b402417101c0eb1d6812e523d23048e0d03548fd0985a3fd7f96c66625c6299b1537c872211
- SSDEEP
  
  6144:QDyJst+jyCnzLp9hvHsPvPvPvS2JQvlojidPp:QDyJsvCnzZf4U1d
Score

1^/10
behavioral2
- Target
  
  BLTools 1.9.exe
- Size
  
  3.2MB
- MD5
  
  aa3439f189b7a3f890affe373044fe4b
- SHA1
  
  00cbec1c039876674224227ced4c72cbee713220
- SHA256
  
  1167a4871ea77b72bdcc22b290dd0f01442ec30832bdec4d1698efecaa543758
- SHA512
  
  22e940692487c3ba8ae8702897550ec47691e0e9df4eecef41c3f6977b7ae455dcdcdb20df1147bc37edecfd64f9cdca1697684b09785e616d0c1883774b58a4
- SSDEEP
  
  98304:TQ5nTr7MCu6uV3sIQTmO37cey46YvXocVH/:g7R/IQTTr74YvXocl
Score

10^/10

redline @dwqmosh infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral3
- Target
  
  Extreme.Net.dll
- Size
  
  121KB
- MD5
  
  f79f0e3a0361cac000e2d3553753cd68
- SHA1
  
  4314bcef76fddc9379a8f3a266b37d685d0adb79
- SHA256
  
  8a6518ab7419fbec3ac9875baa3afb410ad1398c7aa622a09cd9084ec6cadfcd
- SHA512
  
  c77516e7f5540ecd13fa5d8cecfce34629acecd9b5a445f5f48902c9e823328fa9a6694ecaa39f5b6053de61c2b850c2d87df25357548afaad6ec37eb3e5e355
- SSDEEP
  
  3072:bdoECIgjBibgp2tBqL0Y++ruXqMG4ih3lbpMqc:bdoECIgUrG
Score

1^/10
behavioral4
- Target
  
  Ookii.Dialogs.Wpf.dll
- Size
  
  103KB
- MD5
  
  932ebb3f9e7113071c6a17818342b7cc
- SHA1
  
  9ce2d08bc3840632092325abcc8d842eeb8189d4
- SHA256
  
  285aa8225732ddbcf211b1158bd6cff8bf3acbeeab69617f4be85862b7105ab5
- SHA512
  
  6b6086cff7b916c0c4536e3c7cba4ba17d6c4be2e4a88a5877be852e197f1f9c9c120d1295acf2b4277a9badd8cfd229ef3c1ab2049d0aeec22d3033be156141
- SSDEEP
  
  1536:qgoPBGuyAy52V+gtTLq6ZUc68h8O0SB/XBboIawHUPV5bKLh8sm6b0gl:qgwBGu2IV+ghd68WOxXBbx+5of
Score

1^/10
behavioral5
- Target
  
  Settings.ini
- Size
  
  2KB
- MD5
  
  9c2fef414b5eb3e759643cb1145a584b
- SHA1
  
  081999c487548a8b8fc59cf776995a0a1007699f
- SHA256
  
  98281d6df063d6f6f8dbccecd9e1b6a454b6f1d99dbfdc9a6e1bf9b2f026d394
- SHA512
  
  c54aabc7d1ef4d8b0cd2c93101fb00a294eecb0e343c8f85ad852d67f0e8582702c97898ba3422ce4a8272b69885ddde23775218380c431ff11cdb48c0eea3a3
Score

1^/10
behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

Executes dropped EXE

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6