redline

Sharing

Copy URL

Twitter E-mail

General

Target

New folder (2).rar
Size

1.8MB
Sample

230327-tpblfaec32
MD5

49495dce9d3a175586b9991792629f6b
SHA1

6f9f3312bb066bb3d26397d53c6b3b2c46d3fb26
SHA256

278c453dd51c8bbb92f35be224aba15a5334b7f2451322b9f2c66ae3137f3681
SHA512

8d40c9ddc4573cae070ec226cb9a4f8a7519c9dafdfdba7cc30573f12fb9b5ca8ef50dd73e3a358d38ee9d8119be53e0ef13a1a498b0fb007829548f58dd9847
SSDEEP

49152:h3yupktUO66WnTR0D0bAy8y7u2jsqpb93KTI+8NX1uoRqWWf35Ft:Fy9tWnq0bA1y5jsmR+0M77

Score

10^/10

redline infostealer

Malware Config

Extracted

Family

redline

45.15.157.131:36457

Attributes

auth_value
f4bbe99787a086a2bbc36d534a2de4f4

Targets

- Target
  
  New folder (2)/DirectInk.dll
- Size
  
  158KB
- MD5
  
  3b07d9d84170b84221e767bb8e0d25f1
- SHA1
  
  38b94df5ac561d094599bebe212449bf76297634
- SHA256
  
  7dc1bd1186ad5833093c330339ca242f578c8eb1a83fb12f7f656b91f40f5fee
- SHA512
  
  0600d38f9495a145d4d7805630a10678a7e13a799835f9c1159e5388237aad654f5c36cc945adb6b71801133cf8ef4e15847510da251a00cb6ff325ee88ad9cd
- SSDEEP
  
  3072:9uU/yqDKcelwIgSJbaTCi4C+YGZiKSME9gFZmK/Q:AUNilzba14Lgg1Q
Score

1^/10
behavioral1 behavioral2
- Target
  
  New folder (2)/Setup.exe
- Size
  
  289KB
- MD5
  
  f34eb45a648c17bd9dcff9ca630b8db0
- SHA1
  
  bd6882177c303ae9a4df8ca33fb15a97d3c6fdec
- SHA256
  
  f0dc8033ddabb70b2552782a1f5ed3332ca02729293a849cb58a60b473be2454
- SHA512
  
  d98240c2eba9ac3318af0a61addd7c00b329098fb1d8298dc4c28d1ef51f0f6d909d9b8234c30de8e64a6fb561c4bd5b804c7842bde3cfc896791a843314defe
- SSDEEP
  
  3072:JruhF8XVGbp9pebqabGC6Fy/pCNmZVOh/iUEIQWQoaypfn7XbX+QphgtqgGax:Jqh+QdvabGepwIYQ/Ty1nZSqg
Score

10^/10

redline infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  New folder (2)/WebResources/Resource0/app1/dc-app-launcher.js
- Size
  
  264KB
- MD5
  
  3b7dfe9956103743fb3b5f372694a3bf
- SHA1
  
  201eb2fa8c40b98a1ecb392b163b20568cf4e448
- SHA256
  
  007d6ad1c7e18ea4d8481feda64ccd6a15e1b9c6969918a3bdfc16b1e87dadba
- SHA512
  
  1bdc0f8448c3d0f572ad89c964bb98f88049e22db7b5cfa02ce442d92daf4bc4f613f47c8d832a5fee881a8080f52fac5afb8f2db869e058ac1a5d8b5fc23236
- SSDEEP
  
  1536:CEDsQ2fPHr170nL1wPvvk9mQhlquCaqDa+5sDa+5RDa+58Da+5ZDa+5hr/Da+5dd:CEIQ2B3Pkg4qM7czhrJPz3nflJb3pB
Score

1^/10
behavioral5 behavioral6
- Target
  
  New folder (2)/WebResources/Resource0/app1/index.html
- Size
  
  3KB
- MD5
  
  0b31851506ed8c5919d9252172b78cf0
- SHA1
  
  1d791bd5fd1717197ffbfa50620eb0affd3f03cb
- SHA256
  
  efbc2f1ea39a9e840c755820be8b50ee6a78ed604514980b984b9ab1ae18a97f
- SHA512
  
  8b33cfe591d23c2bbea14cc54bcddbd8f25833a23ecbfbb2ef85f1a6757d15f93bba99f357d31306732e2b32dec7d01068bb3f0f814dd727b6797f5e60f8c9d8
Score

1^/10
behavioral7 behavioral8
- Target
  
  New folder (2)/WebResources/Resource0/appmeasurement/prod/appmeasurement.js
- Size
  
  63KB
- MD5
  
  c5e93a5eb1ab10949d31bb5f80f95809
- SHA1
  
  d180d65e1319d55e122a59cb75379902612005a8
- SHA256
  
  92a4d2c711a9afb4a041255b6923d4d75a0ca8c292d582a72399416bba73ed38
- SHA512
  
  d0835be6c987644fd1d3ed02ce965166196c54f329ee05499ad9002f36f368b6533d82ac2d70302c40fe403e3281926ee3982863ff03000a2984c5189d8a6e81
- SSDEEP
  
  768:t8GmzOmjiXyJpDFhEBs3bojmI9iJRKyyNRM/8xaGvjjTEMFkc0HI/0z0YJAojzJ8:uDji4DFhEBsKiJEf6223AyDzJJwH
Score

1^/10
behavioral10 behavioral9
- Target
  
  New folder (2)/WebResources/Resource0/appmeasurement/stage/appmeasurement.js
- Size
  
  64KB
- MD5
  
  5b138ea720b0276b00eca90f5d581768
- SHA1
  
  569dc66647a384bbc3439e7f15e82cfdba353770
- SHA256
  
  d2e99f204e8d86f3bbf34e0239d4ed3aead088ee930614bdaa8d7480edd50ab5
- SHA512
  
  c261d0a3df412a0a395408b0ed5b3961eb1f14939e9594e9409a224b4f4dd82ae03eecbdaaff5e64b5b9389c6b6a3e85effab9df3de1c4427c1b30031cb09502
- SSDEEP
  
  1536:4gqbt5rOLWUSlZSANE1Pcl9MBN666qtxNf92:4bngY9MVtx2
Score

1^/10
behavioral11 behavioral12
- Target
  
  New folder (2)/WebResources/Resource0/base_uris.js
- Size
  
  5KB
- MD5
  
  001ec2c7b9a24fb99a7728d25f96191e
- SHA1
  
  27c9890698b098e25c5a58b09294759112fb188c
- SHA256
  
  c2cf0161fb2bfb426c736ee457cc365a9ba52a9b3d01d1801bacf4713415e649
- SHA512
  
  deb8b577a081b851925a008ed703fe16af42d803e1608e3a3a4e91cc000ea571401bd2e94b5f25bf767517cef74ff0d0f239834a25925c5d63f521638e0949e8
- SSDEEP
  
  96:GDfoX6ECy6hkreVF3FCIwfXDFSIAJJaDt:GDfoXfCy6hkMhFCIwfTFSIAJJax
Score

1^/10
behavioral13 behavioral14
- Target
  
  New folder (2)/WebResources/Resource0/index.html
- Size
  
  3KB
- MD5
  
  b497fa31315258244c91634b4e002098
- SHA1
  
  c5eaef2948415dfa872885c10a205833d1b01814
- SHA256
  
  bd50e83afd31dfd5f9810d389236ac00dc9f5b93f5000121022d8d56166d4c06
- SHA512
  
  bbb7303d69669a743a4978c69db559654ff4b80bbda4964f68d248ee82e015eedfc7177fc20b85ea82fde9ed82b3dd24032dc218b368deb2278ad76d4c3608f6
Score

1^/10
behavioral15 behavioral16
- Target
  
  New folder (2)/WebResources/Resource0/init.js
- Size
  
  7KB
- MD5
  
  d2050a17401cabe7ad9490e3be993609
- SHA1
  
  2221cb3ed990a86a11111905a8866efe9c87301c
- SHA256
  
  2a474fa03e9e77fa0b2692482f25c48880f52502b322f7ab09d76f23bfcf812d
- SHA512
  
  b2475d422123533a670d157c16b9ab206d1fed48d471c31b1de51c75d0a6dcef6a880ae5a88d3368c4ec605fe5d659cf4f6a30fe407e98fd4e94ea21df2f91bf
- SSDEEP
  
  192:aDfjikWCX1AsuqDxSPmsoDIkCy6hv6nGinCbIyWkVlmAdFjWSeCI81b7dc88X5:aXiiX1AsuqTsxlv6HYc981bz8X5
Score

1^/10
behavioral17 behavioral18
- Target
  
  New folder (2)/WebResources/Resource0/plugins.js
- Size
  
  30KB
- MD5
  
  65b922f8273d662c21a78710a9971a45
- SHA1
  
  f2d959466ba2d6a6852aff141566d93fd6dbcfde
- SHA256
  
  6f61feb0bbf1ee38b9ad118d3b203b71f4384fbf336a184ee55da6748a2e0d21
- SHA512
  
  1ed6aa3739f63c895ede0fd2dc81a2f4354411a94909d8aa93a0aa1a997d1f4cad493bac4e4902b9b46bb9b8b56fa2720597ce6a9be6601952dc3e0d9c69bba5
- SSDEEP
  
  768:a7aQ8ovfxUvNZUzLdtfx06FPExdEZk+Enk9PEZk+rnlVKfXGh0cGh0wdh3U78V9l:aO5iGMBtfx06FPExdOk+ak9POk+DlVKz
Score

1^/10
behavioral19 behavioral20
- Target
  
  New folder (2)/WebResources/Resource0/variant.js
- Size
  
  268B
- MD5
  
  243c7e5e12458bf5312653892d5d59bf
- SHA1
  
  2178f717d5f59df70ee6d1999792847ef686f68b
- SHA256
  
  49090f650668507294012663db5648e28e7e20e1eee4df6cd5c4493330ba5994
- SHA512
  
  26d7113f7ee309454dbcdd8ea55416a8b76184fab9dcb9e74d7de9704cdd11858fa95d84780e45299cc3c417d5385dfcd735da9149f756f6a93c719ec680b9f6
Score

1^/10
behavioral21 behavioral22
- Target
  
  New folder (2)/WebResources/Resource0/version.js
- Size
  
  2KB
- MD5
  
  2f6342f2f52ae86321ed33c891887e99
- SHA1
  
  0138ec0e8b1418464d61f0cdc3cddf3812c29393
- SHA256
  
  029a3ec8b4cd2b5205c3ea398777c9a6bd14c97db05f6861727eff9544d22571
- SHA512
  
  6f9fefec2ead24529076cc1a5481ef52b03d3c0dede578fce302961ee6d2d486d8b97d44c7be5d0f5fa23ad58cded3a286ab41c4b7ae85555d34b85811d6c07d
Score

1^/10
behavioral23 behavioral24
- Target
  
  New folder (2)/ccme_ecc.dll
- Size
  
  548KB
- MD5
  
  19f2641706952f221d5f1066d064db4d
- SHA1
  
  84bf37c1bd5cb3f35cd2aa934cd9c17cb2690282
- SHA256
  
  cd87094bdb78dbff8a593bef3952495414b2256eb75ac2d466da276d17e8bd9f
- SHA512
  
  155a8d9fe2fe238cbc341cb0f088b5be0b58bc2f0ab70eae488972c0e8cd0e16ae3afef64ab96e0c63f14ac53b2ab167f906e2b94bec7ba87b494121edf5ed67
- SSDEEP
  
  6144:Ra3lDLZaFal9tiA1GzrTJdln27EEvdABkVJAOlRs5DIcxkjSuo64hTQ0IL0QpC7K:RUlD9aFal94PDlGuBk3Js5DIqjv
Score

1^/10
behavioral25 behavioral26
- Target
  
  New folder (2)/icucnv58.dll
- Size
  
  15KB
- MD5
  
  94871d17e0b37fea5685c8d3f2f4acc9
- SHA1
  
  925f06a6fbe14dc7c69695c73baa9c8242d5f2c7
- SHA256
  
  47d1821888a1212a141e27007fe99b3fc77b40fc5926fd6c054b850c5911817c
- SHA512
  
  fc6fb7753f6f407ccdcc9376c17270f35144e6a23c6dea143f6de9f1e2bbca6e65998121a629ec1b43279c85a97077ad49ee85edb92f07040aebcea6f950363c
- SSDEEP
  
  192:kFNMi7v56OIYiYF8rVs9+qARrkUWJfsHR9y2sE9jBFL2UzZUXjo:kF6idIYiI9yrkU4i/8E9VFL2UtUXjo
Score

8^/10
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral27 behavioral28
- Target
  
  New folder (2)/icucnv67.dll
- Size
  
  15KB
- MD5
  
  c89f7b63c258a2d8b68a4bdaf5bbb2d4
- SHA1
  
  b1181f70adef2cfc1b884aa4a895984843ca326c
- SHA256
  
  ee7e175ca56e43932878a617e3a1ac3c005e33ad6964277fea811417ca10d2f2
- SHA512
  
  39ca6c5ad801795bbaafe1c85719afdd7ced663ac2fb6530130797a40cd4ed7047d33292c5b41601408488cb5ed4926f9e0744d158a44b128bf517e0562d6e47
- SSDEEP
  
  192:+0NMi7v56dIYiYF8rVs9+qARHk/2WJfsHR9y2sE9jBFL2UzZ9O:+06iuIYiI9yHk/24i/8E9VFL2Ut9
Score

8^/10
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral29 behavioral30
- Target
  
  New folder (2)/icudt58.dll
- Size
  
  15KB
- MD5
  
  82189149f0a7e4eaf7da185fffb8d694
- SHA1
  
  4dfcdd52c86b4a3752beab5e335ea60a37a4a6e2
- SHA256
  
  35400ebcb8010330e18910ddc81ff5d47386af6f93616b96202112c94f67bfc2
- SHA512
  
  9ea783257b751006479d3bafd30cfb95d9dfcb15bc7798bab15e86437109662b17ed9ce5a3ef98803b21809e3b992dc97a83c392ee3923dfee31d3215b7a8676
- SSDEEP
  
  192:+FNMi7v56OIYiYF8rVs9+qARrkDWJfsHR9y2sE9jBFL2UzZQiU:+F6idIYiI9yrkD4i/8E9VFL2UtQiU
Score

8^/10
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral31 behavioral32

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of SetThreadContext

Blocklisted process makes network request

Enumerates connected drives

Blocklisted process makes network request

Enumerates connected drives

Blocklisted process makes network request

Enumerates connected drives

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32