General
-
Target
Classic Baseplate.rbxl
-
Size
117KB
-
Sample
230609-w9zvwadh2y
-
MD5
7fd101811b433f81f37ec1c95c541c90
-
SHA1
3c99026b3a52052a6bd24f66d1f6a717904df441
-
SHA256
f14b33944ff630392e0540faf2f6ca73efcf2a1f94133760e669563579d86139
-
SHA512
09b3fab8ddfebcd0ec6573eb5d38121c1e5ec442b7f0f766f6f24520ac951805bde6d69a8752d5422bf34924db4794b7422093dc2173d50e3bc138f4ce474d9d
-
SSDEEP
1536:qZ1bFQv6EHZSMyAFBvwHoNy3h471rhq6MSa1SNWvhackS:qs6+EMyALjMR471rlMSZNWv81S
Static task
static1
Behavioral task
behavioral1
Sample
Classic Baseplate.rbxl
Resource
win10v2004-20230221-en
Malware Config
Extracted
redline
cryptx
94.142.138.105:15111
-
auth_value
a45302b7daf4f87798af144567e5d0ff
Targets
-
-
Target
Classic Baseplate.rbxl
-
Size
117KB
-
MD5
7fd101811b433f81f37ec1c95c541c90
-
SHA1
3c99026b3a52052a6bd24f66d1f6a717904df441
-
SHA256
f14b33944ff630392e0540faf2f6ca73efcf2a1f94133760e669563579d86139
-
SHA512
09b3fab8ddfebcd0ec6573eb5d38121c1e5ec442b7f0f766f6f24520ac951805bde6d69a8752d5422bf34924db4794b7422093dc2173d50e3bc138f4ce474d9d
-
SSDEEP
1536:qZ1bFQv6EHZSMyAFBvwHoNy3h471rhq6MSa1SNWvhackS:qs6+EMyALjMR471rlMSZNWv81S
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies system executable filetype association
-
Registers COM server for autorun
-
Uses the VBS compiler for execution
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks for any installed AV software in registry
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-