redline | 2fe936d6b25266ad008ffe359931fc537bfbc3f00774af009c2de5f3abb04e1c | Triage

Submit
Reports

Overview

overview

Static

static

Redline_20...ub.exe

windows7-x64

Redline_20...ub.exe

windows10-2004-x64

Sharing

General

Target

Redline_20_2_crack.zip
Size

17.0MB
Sample

230129-edrqyshf72
MD5

29c151659c2460d90adaca01a53045c4
SHA1

e1a02696511991705827352a1496861997f72e42
SHA256

2fe936d6b25266ad008ffe359931fc537bfbc3f00774af009c2de5f3abb04e1c
SHA512

96d1fb469f91d1a36d374aaad497362b7e11110f7ed708c24136fce5b6ae11a14a2b7aa6cdf86e5d58e8149fffb0b8512bff2f6079531eae92d8089b9b39f4ed
SSDEEP

393216:VcPxpiFTFeTwhLN3zmLen6r0OnbNm6TMaEcqpKVtckzH:KpGFqiLZb6Q2bNm8MaEcqdU

Score

10^/10

redline xworm cheat infostealer rat trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Redline_20_2_crack/Kurome.Builder/stub.exe

Resource

win7-20221111-en

redline xworm infostealer rat trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

Redline_20_2_crack/Kurome.Builder/stub.exe

Resource

win10v2004-20221111-en

redline infostealer

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

cheat

C2

194.145.138.85:28105

Extracted

Family

xworm

C2

194.145.138.85:1604

Mutex

Iom8xb4NUaLbxykI

Attributes

install_file
USB.exe

aes.plain

Targets

- Target
  
  Redline_20_2_crack/Kurome.Builder/stub.dll
- Size
  
  96KB
- MD5
  
  625ed01fd1f2dc43b3c2492956fddc68
- SHA1
  
  48461ef33711d0080d7c520f79a0ec540bda6254
- SHA256
  
  6824c2c92eb7cee929f9c6b91e75c8c1fc3bfe80495eba4fa27118d40ad82b2b
- SHA512
  
  1889c7cee50092fe7a66469eb255b4013624615bac3a9579c4287bf870310bdc9018b0991f0ad7a9227c79c9bd08fd0c6fc7ebe97f21c16b7c06236f3755a665
- SSDEEP
  
  1536:9G6ijoigzKqO1RUTBHQsu/0igR4vYVVlmbfaxv0ujXyyedOn4iwEEl:BSElHQ/ORUYos0ujyzdZl
Score

10^/10

redline xworm infostealer rat trojan
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinexworminfostealerrattrojan

behavioral2

redlineinfostealer

© 2018-2024

Terms | Privacy