redline

Sharing

Copy URL

Twitter E-mail

General

Target

133Software.rar
Size

4.2MB
Sample

230206-qxw1kaeb36
MD5

23cbc06d2fc34da93bb99978629af948
SHA1

a101be8e2177d51f9bd874703271e12933371b93
SHA256

0f25cc153f48f36392da5a07a47c46877506bd03280ecdb746cf3966ed779751
SHA512

a0019db992c918c1c23d7454b3e346845ab8645c609f56465d9e6690c0330fb2cd5983ab3db94d28230f78722cbbd4289395708859362ef840a4f575d99cc803
SSDEEP

98304:PZ+NqkmY1WU1x3XG4SXKj0t+SFBCkUhwG+fuUU7cQCmxW0p6gk4:0mpU1FX0K4t+SD9fufIQCG6gL

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

google2

188.34.179.139:10561

Attributes

auth_value
c2bd24a83976c35835a0723748630f36

Targets

- Target
  
  Additional files/VisualStudio/v12.0/Microsoft.VisualStudio.PortableLibrary.Build.Tasks.dll
- Size
  
  29KB
- MD5
  
  71eb0247b9b25167a541459a89f1c250
- SHA1
  
  0779fba2b5f54f89d642633df1b8aaf8e803d497
- SHA256
  
  273f8dc23cf43b0ea3693a89f392ac009c42ea50bc092d5576a14752530b0f35
- SHA512
  
  159f07d2a5d281cccad186cbdb0900f3d7a98360ea2295c704845189cff2f406fe77e3a67db475d4f751a2b262ee28302a6ebbeb12eeab7faf19717dca6742a6
- SSDEEP
  
  384:82OFYnx0Z7fKkgPs1rhnt3PZQWbgFWs1S0GftpBj4GlmH3HRN7TleApu9PuiX:8PFYefyGhnt/0Fi+KmHvpu1
Score

1^/10
behavioral1 behavioral2
- Target
  
  Additional files/VisualStudio/v14.0/Microsoft.VisualStudio.PortableLibrary.Build.Tasks.dll
- Size
  
  29KB
- MD5
  
  472d998b0410d44ae15cc228262e619f
- SHA1
  
  b58a32660364ac1f8e5a5dff47e2b292206914ff
- SHA256
  
  1b433f3a60d81416c8a6227fe4e0c0574f43c8ec224c23a6d65e7cebbbec87e8
- SHA512
  
  bbcdae648c1d648466987285f314e54fbb72eaeeb8d32d782c94c6884de57a11ece3e96d91ba3c6539e34bc73c48baa4c113a015a92b1d2ba3582ed082f3c3ba
- SSDEEP
  
  384:+smeqBzFvjcOKPZi0ZUMW1QLW48fA0GftpBjns7ERHRN7f4lCXLTo9:CnWOu8gMiJIEBf09
Score

1^/10
behavioral3 behavioral4
- Target
  
  Additional files/VisualStudio/v15.0/Microsoft.VisualStudio.PortableLibrary.Build.Tasks.dll
- Size
  
  29KB
- MD5
  
  472d998b0410d44ae15cc228262e619f
- SHA1
  
  b58a32660364ac1f8e5a5dff47e2b292206914ff
- SHA256
  
  1b433f3a60d81416c8a6227fe4e0c0574f43c8ec224c23a6d65e7cebbbec87e8
- SHA512
  
  bbcdae648c1d648466987285f314e54fbb72eaeeb8d32d782c94c6884de57a11ece3e96d91ba3c6539e34bc73c48baa4c113a015a92b1d2ba3582ed082f3c3ba
- SSDEEP
  
  384:+smeqBzFvjcOKPZi0ZUMW1QLW48fA0GftpBjns7ERHRN7f4lCXLTo9:CnWOu8gMiJIEBf09
Score

1^/10
behavioral5 behavioral6
- Target
  
  Bin/Privacy.dll
- Size
  
  1.4MB
- MD5
  
  4026a37e76e33ed6a81de05f1459e1bc
- SHA1
  
  6513212771dd2d4f9cc061c4e14b50ac5b2c85f6
- SHA256
  
  d6d3bab4393ae5a27539ef0cd4e0fd5170284a631e7c44ec57dcdac66e7974a5
- SHA512
  
  bfc2d1d97ca793a03e099dbcbc43d343030248be819348ca4956700b2984e71916b9e7da55aa459de9a45c45c231071ff4a91ee5f804027e672851920b996a43
- SSDEEP
  
  24576:Z+sFjZGRCI7SdomYKoUXZNAxe4BaIvufnX1:ZjOSnA44B98F
Score

1^/10
behavioral7 behavioral8
- Target
  
  Bin/RulesAPI.dll
- Size
  
  2.1MB
- MD5
  
  0af80bfc69d7c3451c6d3b90d7313c8e
- SHA1
  
  e54e9830f6be8f024fd8a280c71107ff501fedbd
- SHA256
  
  d427297511cc0f637801aabbbe8a5a5526d1bf67cf15296839dbfeddc10f3edc
- SHA512
  
  5e4bb27c2686b9fb3f87f3afaa72250da67d07a4f00ae58279f064d848fd127a3be0ad4919b4f56a3618984cd3f331e48d05c923220e144d974c9073528d3c5c
- SSDEEP
  
  24576:zxBDa823oFojLiY7KKDt370HDnd9BiS9IgBxOUsFsu2td9TCZNw:dhsR/tO9oSyOOkMZN
Score

3^/10
behavioral10 behavioral9
- Target
  
  Bin/Skin.dll
- Size
  
  96KB
- MD5
  
  69f0c471a3f0964929b31dccbb817ef9
- SHA1
  
  a4456d5b4b39f5d01bf10473a3d7d4ca3e649aec
- SHA256
  
  a5e06515287258e21449579ca5d6f9a386fc52a5b5e87326e6da404fe1be5c76
- SHA512
  
  c7bbe28d25495474153f3d70817888b04e3b06ddd7657ea4644293d3644689a7254c6fcf837824f6309f9b84f9d820fb55473d3e6ce17272f22f3cae2bd3b085
- SSDEEP
  
  3072:61AlPrR14tzeTZeKujZVLR3OebMCuOAa8RK:esPrRQuujZZR3Oe1AA
Score

3^/10
behavioral11 behavioral12
- Target
  
  Bin/dbghelp.dll
- Size
  
  1020KB
- MD5
  
  74edbb03de3291fcf2094af1fb363f1d
- SHA1
  
  16b5d948ed7843576781dc4f2a391607ac0120a4
- SHA256
  
  dca9f45efed8eab442b491aebda3e3cce7f5f9fc5de527d2dbdfd85a5be85dfa
- SHA512
  
  b08eb03c54f25979c5aee745530ecd51c5761eb99871b867ff84e14590b32ef3247e17cf63bf953ee1efcb0fda8c4540191b9280db33359fdca352967e42b289
- SSDEEP
  
  24576:YXm4cpDFYD2aC0jH5yrrXlpWrCSyZC0wLHr298TG00g8EAB4a:hpKD2aC0jH5yr7DWRyZlwH29vjDIa
Score

1^/10
behavioral13 behavioral14
- Target
  
  Bin/dllhelper.dll
- Size
  
  153KB
- MD5
  
  1b13ac6572d32448c0e15bf00a04fb98
- SHA1
  
  b145d3e5b2649af1e6c680e8a7f0d5b6f7c962e4
- SHA256
  
  9eb3aabe31f6e0254ecbbb7fffa6f11428e8f85f785739c62fde88be09c81a78
- SHA512
  
  b754b8607d04fbd6165023b5ef1bf01f2af60ce9595ea3a2f7cf03b28355a92310f6d5cbb27247d9270debe62d9eb688778a065cb75ff0d4411d97db283c173b
- SSDEEP
  
  1536:B2ozr2yXFR9TEJYSCUWB1VBbM4mndJsBjUO6sZ9ynxj/6gfyU78uXBaiurkjPZjb:0ozrhjDSCJmuliYuRVokjBjEw
Score

1^/10
behavioral15 behavioral16
- Target
  
  Bin/dllhelper64.dll
- Size
  
  228KB
- MD5
  
  e4c67cc149ca5fa61382f8654409feee
- SHA1
  
  408931b18d31562fe9f3419d7663a1cafcc7f65f
- SHA256
  
  f2f264bd4faa5fccf3bd32a9a7b6b5ffc90754c759dca3127be0ff107bef33a6
- SHA512
  
  49de4dc0de0f25dd279a33124fc4fdc2b80cec6105c70290db48f77068775f1727c5f4d996bf41f5ded424de0318a5eef9e0ad08050a0fd3a8964c94afa89f8b
- SSDEEP
  
  1536:6kig1Ac42h743XNd55vQryAdbEPVBbM44DdROpiMnesVWDwVPhVbOucFCDrMq1np:jT1lh743rvQ4R46hJ/Uyxu9yLBRiy
Score

1^/10
behavioral17 behavioral18
- Target
  
  Plugins/GameClient.dll
- Size
  
  2.1MB
- MD5
  
  20af6810497c664cb019bd198a50cef9
- SHA1
  
  672b9b15c54e6e9f21f2561129f4e9755e609368
- SHA256
  
  4189d8c633aec7ce35086e730f0836a1c1123706369f0dc97ca35b996a3d0478
- SHA512
  
  636376f23d2a8a49c122e6a5c89d6eb50789f841f1abd7496a7af052a3e9ac9386970dbfa402025796b7dcfdbd303ec88ae185fca73b58d4528c39bf91c9c028
- SSDEEP
  
  49152:iPqU3jdBClMyGtBbv5fJ2wMD6u2FtlG3Ec:UqU35Alot5BfJlMmu2Ftg
Score

1^/10
behavioral19 behavioral20
- Target
  
  Plugins/sounds.dll
- Size
  
  263KB
- MD5
  
  11741998816d58791b62a6bb3dda461d
- SHA1
  
  6ec5cdf00c711f76ae7941137fa4e479dd62f105
- SHA256
  
  5f9034170025fca843d990a7442bcdde3bf89dd430aab745319055c8e2bc0799
- SHA512
  
  797bdac7961d55c34e1a8c412b6b1cdf3df312a26c58eb6465f913042e5bd10c684a26637ae4e689bd064090d1f9826b758e9792dc4276746ec7c827f6a3c28b
- SSDEEP
  
  6144:peqMtFE81frJV3KGKhkmPzDTO3VIqJthK60fzQzJb/:3H9PvTOlIYthr0fzyb
Score

3^/10
behavioral21 behavioral22
- Target
  
  Software.exe
- Size
  
  550.0MB
- MD5
  
  38ec27463bdfa2693404fea255560ec8
- SHA1
  
  9e8d299d5782b3f28944d5fdb58d846bf0f080e1
- SHA256
  
  c3479737c9d80e259b1350876c969a429e410ef23f81314d345efc6343c138d4
- SHA512
  
  8fcecf1ed6cb50907318eeb3ec49f250d655685a27f95e5bc03778ccff886ec17df0308388dbe8bd0fde222f09874ee5ba45244af9547c99b025a1dbf1faf973
- SSDEEP
  
  49152:6v84DVnv56zv9VCvA45f3t4tc4WD7Oow3n:6v84DVnv56zv9VCvAWf3Gtc4N3n
Score

10^/10

redline google2 infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral23 behavioral24

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

T1064

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Uses the VBS compiler for execution

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24