redline

Resubmissions

16-03-2024 00:38

240316-azfhlahb59 10

16-03-2024 00:34

240316-aw1z5aha92 10

Sharing

Copy URL

Twitter E-mail

General

Target

csgo-cs2-spoofer-main.zip
Size

786KB
Sample

240316-aw1z5aha92
MD5

5736b68420da285f96af9d380840f14f
SHA1

bb32f696d327065feb501bd6728455c4de25959a
SHA256

ab7ef836e52bda5433e014057e88a57def522ef7e225a1a406208b19ac75e9a9
SHA512

7f059b111289f34d673d53e13d0f4d3f0d1824d4f55c62f12c43564bed40b1af08f458149e39dd0b71ecfef489d9f5270fec4ef28216bc968f6219b88033f62f
SSDEEP

12288:wzLV1pnjxB+GUNDISzPntD37aBhH04dsq570Jr8IA0xTCxJNuSPSBFSolanND9+:CpjP+GAcSzlb7adKj6ITC5MBs2aNx+

Score

10^/10

Malware Config

Extracted

Family

redline

37.220.87.13:48790

Attributes

auth_value
85be55ada7eb5bd02a82897d6d3d081b

Targets

- Target
  
  csgo-cs2-spoofer-main.zip
- Size
  
  786KB
- MD5
  
  5736b68420da285f96af9d380840f14f
- SHA1
  
  bb32f696d327065feb501bd6728455c4de25959a
- SHA256
  
  ab7ef836e52bda5433e014057e88a57def522ef7e225a1a406208b19ac75e9a9
- SHA512
  
  7f059b111289f34d673d53e13d0f4d3f0d1824d4f55c62f12c43564bed40b1af08f458149e39dd0b71ecfef489d9f5270fec4ef28216bc968f6219b88033f62f
- SSDEEP
  
  12288:wzLV1pnjxB+GUNDISzPntD37aBhH04dsq570Jr8IA0xTCxJNuSPSBFSolanND9+:CpjP+GAcSzlb7adKj6ITC5MBs2aNx+
Score

1^/10
behavioral1 behavioral2
- Target
  
  csgo-cs2-spoofer-main/README.md
- Size
  
  2KB
- MD5
  
  117c3711f1fd73ccdf99b4f350b01f5e
- SHA1
  
  5d37a6442a789873b1a407b1fbb398e04871e996
- SHA256
  
  75c3fcb23715f88362a0e660d7a0b59db383bb1a9fb2845462926a82434dda48
- SHA512
  
  1fad5e257a1ddf4989bbdf0c32340005bef05726ab5f693072b26dfccc1aa972e46d79d069a50af7eb599c274fac16c37ca164151a0b4bfc5fad46c0584abc58
Score

3^/10
behavioral3 behavioral4
- Target
  
  csgo-cs2-spoofer-main/Serial.Change/Spoofer.bat
- Size
  
  45KB
- MD5
  
  2f5d048f0459e679eb6d45bda12004cd
- SHA1
  
  997bb6807a737c23fa6ce9668789d932f87f486c
- SHA256
  
  01bb5217494cbaa202a7591a56c2eaf3c7e770139ca8d45373d313c8f87904e2
- SHA512
  
  a46a81b259ac35f8be5812d5c2c20e7ecb6dca91861ffbe83ecdb3ca3caadd08c835793b70fc439f3b9669300f3b617f83fdfb207327b59664af7479f063d6e0
- SSDEEP
  
  384:xefoA9SjSmLIb9a+dcJy10+D2s99VSMZ4YIYkpAlOE0P5Gw4wsID8ankvYBMxTpv:0r/iAlOVP5Gw4tVlMCAVOFJ
Score

1^/10
behavioral5 behavioral6
- Target
  
  csgo-cs2-spoofer-main/Source/auth.hpp
- Size
  
  1KB
- MD5
  
  69f13f877919cecf08c2da83a7be4043
- SHA1
  
  3a6901219d0011401adb570f39184605a4372a10
- SHA256
  
  c805bc2eea5712bd0b71dfa675a407f5178438b20e7f542eab5ba29df4e5bd7f
- SHA512
  
  3b6ee1a629b2f320eaedb1e69d290841be357e405223d2450ac60e6937c269d5dc3bc87a0cc35f66bddf279fa065c817ba58f31cc1215fb76823263d21bd51c4
Score

3^/10
behavioral7 behavioral8
- Target
  
  csgo-cs2-spoofer-main/Source/color.hpp
- Size
  
  58KB
- MD5
  
  2fb88aa76d174fe619f09e6289c6ece6
- SHA1
  
  50553893589503806d69259c671944b571089109
- SHA256
  
  5ac14d9fa7dc1e96760e9e3778caecd9f98127e2a25999fbf0aa12b19ada193d
- SHA512
  
  614b1e49a75eac5835aaf1388b1de72a7e80fc566f15dad1f728500f15c3c946de84d24e0b9e74710489c5a2b53cafcdc556343aa1a4162d97037dca12d30653
- SSDEEP
  
  384:9lLBOokEnXVJ3yBicjtfqqF+97yUbXKjBFMg4vuOSf527o6BlGINuneOv7hr39hL:LLBOobFp31dM2CnNr
Score

3^/10
behavioral10 behavioral9
- Target
  
  csgo-cs2-spoofer-main/Source/driver.hpp
- Size
  
  1KB
- MD5
  
  08c4d64274b5c1689def89f3f7c46120
- SHA1
  
  8a6b1bab1748fccc6684224bfeef4bb01f3c2a0f
- SHA256
  
  a130a4677c8f80b8177d1070393f292d1aff25bcf1538347084386bd3dbf7f7b
- SHA512
  
  bd584483eb53de6111e8e4eba19dc0435377a97908210c9f0343c0e1a2f9a2a4943e0a100d7ec2ccf9a5fc8705c87fe8070a2c7524f75666f5167a9b3548fc84
Score

3^/10
behavioral11 behavioral12
- Target
  
  csgo-cs2-spoofer-main/Source/main.cpp
- Size
  
  8KB
- MD5
  
  200e3347524b5dd0141e91f603e4664d
- SHA1
  
  be9b5f5486cd86c48c7f0b25ee636f6372bd520d
- SHA256
  
  ad7a409cf2e5d46e4985ead9d3322c06f9ec8d145dc9f14670f021f08d9f5013
- SHA512
  
  ac34248c064935bf1b90ff46f61f4c76d3e8cb5f0d47d96aa12437dc349ef954d6fdbcf98aceb88d2957af8cff334666536d1ec226581ad6165c8a933781719a
- SSDEEP
  
  192:qHb6K75o4e6iP35y2twgnFVRIUrUruz5Tmvz6CRKfCG8L:qNSX/fFVmr6Cuo
Score

3^/10
behavioral13 behavioral14
- Target
  
  csgo-cs2-spoofer-main/Source/other.h
- Size
  
  6KB
- MD5
  
  b052a15a1365f1867b08e220bdcd3988
- SHA1
  
  fcefaa7425d7d58424a81997356c5d80b292db55
- SHA256
  
  88c5f462d9f2d6b2af0ede2f42ec8dafe3a502bff7dcd1a6dac6534bd523a53f
- SHA512
  
  e76e9b55f48ff324f6df83b03c97d8c2ce82ce02149eaaca2d730c8b85ef86358c9c1cc353aa1e8308299341d88b6e96e9aadf63aa796b3c11f514709e12cca8
- SSDEEP
  
  192:SOkuu/OkQxK39K/OkQxK3T1Qxj4hUIyF1hUIyOJiXXzUXIyhl21wJF1hUIyOJiXt:SOkuu/OkQxK39K/OkQxK3T1Qxj4hUIy+
Score

3^/10
behavioral15 behavioral16
- Target
  
  csgo-cs2-spoofer-main/Source/resource.h
- Size
  
  500B
- MD5
  
  bbd624efcc83b6fb1804be7c2b11ecb9
- SHA1
  
  f1d707b9b4a945f4dcfaab2873419e5478d2c86d
- SHA256
  
  ef817ecbe718c2cffd5cda330d5318d97699c4834c1910f71378869a54d5511c
- SHA512
  
  84dcbb1720a8244871bcbf98fdb9b1ab43f9b4397fa010a1bcfb33a5fc770c4f2f82b71c72f8194e76f28ad3335644a10b21d9660055b7d56bf1eb20e74c509a
Score

3^/10
behavioral17 behavioral18
- Target
  
  csgo-cs2-spoofer-main/Source/xorstr.h
- Size
  
  3KB
- MD5
  
  0bd83673fa52aa6514fa7ff093829251
- SHA1
  
  cad73cd262950e48baf890ddaf8cb58a9b9cb100
- SHA256
  
  907826916b32281cf7951c8f7308fdeac09f92d8384627cf2080ce6ceb52c887
- SHA512
  
  c9591068ad16764f67a943f0d8a3fd77cc6e32abf98949aa8c2c48ca095e9d3881bf7258f6708c0b610fe71fbb6c0c6a672ae9c42b1ffc1ce886d20e289c0b2f
Score

3^/10
behavioral19 behavioral20
- Target
  
  csgo-cs2-spoofer-main/Spoofer.exe
- Size
  
  1.3MB
- MD5
  
  6be1bbdf7fe0717ff037c91231f6eca9
- SHA1
  
  a2afd81dbe7838f208524f343f0def3eb5d6e510
- SHA256
  
  44c30e51e3d20d0a8f9c0522b7391599ed2849aacd099bc9494109adbb72b337
- SHA512
  
  faf6d2a2ec914f1151fd61f60c679ce5a2728bfb77751334e8bc196f95c031773ce9cf0db4eccd787c972f8e396fb1a206c4ead1b1f5cfb2a30e93db23233358
- SSDEEP
  
  6144:bYEWvQ52Qd+iTHP/0AOlF98sfWd6uZzp4AjFWtAl:UEWvQ5/Tn0HF9HfsvLFeAl
Score

10^/10

redline infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Suspicious use of SetThreadContext
behavioral21 behavioral22
- Target
  
  csgo-cs2-spoofer-main/Taskbar.Kill/Taskkill_clean.bat
- Size
  
  2KB
- MD5
  
  712c005ebe175282f4fd644144f8bcd5
- SHA1
  
  e3167aa2650dc6d15f295a6de9e2b83211f565c3
- SHA256
  
  540ba332bbf723178fe9b662c528dfa91e0aa08f924f4d557664316b2649507a
- SHA512
  
  108021facba33c0297490defa830947fc437d3f1522c8fb874f52d4235b77ecdc88ae66537b2c07c89815b31a38e756207e0d4ca5d2ca6b134939fc2fc2481a1
Score

8^/10

evasion
- Stops running service(s)
  evasion
behavioral23 behavioral24
- Target
  
  csgo-cs2-spoofer-main/imgui/imconfig.hpp
- Size
  
  7KB
- MD5
  
  0ec21486b1fd8db9928ddf6628a7b8ef
- SHA1
  
  77b57693fe8e96160efb28de4d6a92e8f3d4c205
- SHA256
  
  0b582f9b47afaa1e43f09829dc160ff138b4e6669c5e671cf8f9df326b50b241
- SHA512
  
  fc0f7f7f4684f438b5cf05b06190b36f19b18c6bf293548b2ed36d48e9c746b9b8e94c9a19a3e7c39b96d166fe901fc0ae7c73c625cb6448459482c5b5e2bc3c
- SSDEEP
  
  192:9nKgoLWD2oKiRo2seQKqbXMm17hm08EQff+0d:9nAyDxjseQKMcm17hm08EQff+0d
Score

3^/10
behavioral25 behavioral26
- Target
  
  csgo-cs2-spoofer-main/imgui/imgui.cpp
- Size
  
  486KB
- MD5
  
  e8c6e9023d4f028017591c81224f97fe
- SHA1
  
  5fcd53cc07f780314e9e564b9f29e2089c6c562f
- SHA256
  
  c38b4fb005b514c6ba5edc9a521a3de20892c124b1c345ee61e3c0e6d5b8cf18
- SHA512
  
  6d62e874f855cdc7f13cc96c3d083c3cdba91cb9e316a5e85bff39f607953558ebe2422fdfe1bbb872dd2a5e1ab81c58016959307c8c58db2195cf35ad35ada1
- SSDEEP
  
  6144:N15XP6RW9QnHCCluWhjGBd2fyIhxCzuKtTRUZX+JSqOE8RStsvQL8iMy3wXTOW:NjfwHCC2b8xSzOMsvQL8iMyLW
Score

3^/10
behavioral27 behavioral28
- Target
  
  csgo-cs2-spoofer-main/imgui/imgui.hpp
- Size
  
  212KB
- MD5
  
  639d15a1942f0c166d99f4bc4e2fe8a4
- SHA1
  
  88b82d548f3f73fc9d7029a9c60047aa250be12f
- SHA256
  
  58b99e08bc8ed81ea7e9336d4655e420bc665f7da85f0c74889a62f4af3d6e86
- SHA512
  
  09b8e653be1b8d085fc7ba60a36ce60863ff6f6bdc2409e9edc03ef83bc01208959250122ebd38529c67f628735d29eaa441ab2a91abda25d69a6fc6fefb87d7
- SSDEEP
  
  3072:6TSaYx+lpsIw5bKs0CKtSHXfnIq9x3qgugiTZ8D:6TSaYIfsI8/0RYHXfnIqPqpgOWD
Score

3^/10
behavioral29 behavioral30
- Target
  
  csgo-cs2-spoofer-main/imgui/imgui_draw.cpp
- Size
  
  618KB
- MD5
  
  bfe9b29b4b9098a5fcb438cf93e241ad
- SHA1
  
  5c34849aa7359799acebb674c19fa235f6a68728
- SHA256
  
  3c8fec2a9dd4dc07c6801b0c8fa0b591cde77808a0b5d990f818a1cebfd653a4
- SHA512
  
  492d794b876831ac46214322fd0e02458098f11aa31120cbbd6ade3eae1e233d78ca937a921aea6f6336ae9e3c5254bc443b60bf70498abbadbce21cc88f1dc2
- SSDEEP
  
  6144:9MKKoFwLh0pUSzxXu+WjIvzPr7qRul8y5Gv353evuzuec5Dm5uKTtjs9Dg5kUYHp:9Mx5F0pT+ZCrqR/MWAJk55KytGimOtI
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

T1489

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

Suspicious use of SetThreadContext

Stops running service(s)

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32