redline | 84f31611a76e2435dad0a6818bb945a6f9a63cbdaa3cec661dc6e89686e00a46 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

AIO-Giftcard-Generator-By-Acquire.zip
Size

28.8MB
Sample

231011-j6rc4sch49
MD5

2973fff5c33d365a66c153361ce0c566
SHA1

b986cfcd47abd2ec2153c4381b2e777ce3dad6df
SHA256

84f31611a76e2435dad0a6818bb945a6f9a63cbdaa3cec661dc6e89686e00a46
SHA512

f138fbe61d9e3b60eae859c040a3be159c466978ea5baacd7e75246f84d529c9211a6596528d39f232d581042c2f9976960d31128be9e740aa79d0c3a45a9d43
SSDEEP

786432:dqINpwVwy/MtN2CfcUXhhDHm+5hvkfLgnb/X/pQ3ZK:dSKN2ghhz6LgnDPpQ3ZK

Score

10^/10

redline @sfdkjlkjh infostealer

Malware Config

Extracted

Family

redline

Botnet

@sfdkjlkjh

C2

194.87.31.188:40641

Attributes

auth_value
8ba92dfee5aef3dd5d57f4219e603a3f

Targets

- Target
  
  AIOgenerator by Acquire.exe
- Size
  
  2.6MB
- MD5
  
  4d19c4df8fba0999c89e2b0dc8489ea8
- SHA1
  
  bb37020c164567ed253ded508dcacf5c71c55dfc
- SHA256
  
  1ac405c00aaa53ddd1a4dd9885d18999a342c0daf59423c13fab751a40046e8b
- SHA512
  
  d1c438fb446c7cfb2b875c53d5b146e30deaff704f41c00eacba499aa98dc133715203d51ee75a5782aae01f1dde52123e0b566e03bac5fbbf1712bcff9412da
- SSDEEP
  
  24576:rh3qdEdw0S8V+f+9YHYs2fQdKMQJlEl+0dFn++t1Ys7/WCVLnwhl3RuQ55313/YR:rhDa0rV+fAaF+6Ys7/WCVrIl3hYCA
Score

10^/10

redline @sfdkjlkjh infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Qt5CoreVBox.bin
- Size
  
  206KB
- MD5
  
  f973ad59dae5e08d604bdd0951b86721
- SHA1
  
  38254c1452cf2d6a08cdccd19cfd727cd7492074
- SHA256
  
  08ad0ab617ca9b835619edb021de7e05af50cde5cd73ad69868991dc626999f7
- SHA512
  
  ce192c7c811e1baf687aa8f0420dd143d4746d58098eacd385736497ddc996d303bb8c70f399ef5161d2e08a6a10cd8ce095f86d99a6a0bef12e27fc68932c29
- SSDEEP
  
  3072:lPso85jeh7S6rrL0kDl6U1SQSJaV24yhYzJ4uRv5yh3o3c8yyAg0FuD08UT7g:VMCSIL0kRjbSJi24HzSuRv1AO5g
Score

1^/10
behavioral3 behavioral4
- Target
  
  bin32.lib
- Size
  
  251KB
- MD5
  
  4b4db02e981003d1c2f52c6cc490ebb6
- SHA1
  
  1aef05e660f3ff96bf04d96c6a4ac954f759f500
- SHA256
  
  dcf96953abceeb6763448a4e4b942e6fe4d39b63e4aadbc45702475c41dccdb1
- SHA512
  
  1507ed3e17f9651cf72a36f951982a9a9a7355f487f789075376176bafe2b7422433edc381e0af18f05af8d23bf1fd0e2f783379a5aa6db2bb9265b1419b2637
- SSDEEP
  
  6144:+9eEkiLpXQM/ShnjS0X/KXAk0H+hbxPfcuAPS/OGAOGm:+9tkiLp2BS0X/KwPHimuAPSWGM
Score

1^/10
behavioral5 behavioral6
- Target
  
  core.cfg
- Size
  
  60.8MB
- MD5
  
  6fc1f551548e78b308b40b803eed893d
- SHA1
  
  6c39dab84699aca9b11fdfaf2faf554283bfa7f8
- SHA256
  
  4f8f41defc38a510c0b8c37a6f6f253d1250e99770a746d0dd4d1abd5d523597
- SHA512
  
  1111dbc16d50cec4b4661e7f6e3ac187bab0203ef50dce1149120c247ec3e1bb7b4fd7fc1c1790ae285de6da74c2bcec4ebf4de6423ae719e4cd1004412dfd24
- SSDEEP
  
  393216:su4EJVLu58rLUUqC6euQ96MjSluRizWs07ySsuB6xahl7YwbUfIW21nKNXCcZFUe:VHSC9MkW3xahl7PW21nQIbh+N5N
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@sfdkjlkjhinfostealer

behavioral2

redline@sfdkjlkjhinfostealer

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8