General

  • Target

    Exitlag Cracked 16.1v.rar

  • Size

    4.2MB

  • Sample

    240410-mbhz2acb49

  • MD5

    451806c60f6f0c52cbb49026d4e14d89

  • SHA1

    8463cb0297d3e3b9bd28713d1ed75ef4d78b887a

  • SHA256

    090f2f668799ba806d6e5ec31bf7ff1fd39b7260f129f4d6a944decae0f04df9

  • SHA512

    e59a94c974f32d2e275d97add0a1eac8fdf794db008f0ecd69835ff120afd93e446852849e30f1bf598c57305891cf7d536b645e91dccd01c07dfe2679465cff

  • SSDEEP

    49152:uMKPSGs1uhQvK+8UU2JyWIpeHWf/j6fVThnaYvWG/W7FWmOEa4u2Q/L16JyFH7QE:JAsli2UpcWf/jcs3FVQh603pUrAeA

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @Ebursteamss

  • C2

    45.15.156.167:80

Targets

    • Target

      Exitlag Cracked 16.1v/SDL3.dll

    • Size

      1.5MB

    • MD5

      cfb1a1c99e10399cd70805f83a9f2552

    • SHA1

      748b6064b7aa0b735cef70addf6402c942e11534

    • SHA256

      62f1aaa6a7608990c628c0c6c81f0b12b19e97d0fa0f2cd7a39eac859e62cd9b

    • SHA512

      f016f76d21184a935e70fd4dbd43386549d4d99754610168ce942d20b655090fd748b2c621dfdc9ea579568a6f0cc3ca435b8ae31b38e9acdc6906d64fbfe487

    • SSDEEP

      24576:GxrJww7e22SBOhtXMoqAYKKKFIrF4MFn7AAuqND68ZKX/GgmNU39VBCARkbsAiJo:GBrF4MHuqRDZKX/5Ws9pAiJDml

    • Score

      1/10

    • Target

      Exitlag Cracked 16.1v/SDL3_image.dll

    • Size

      232KB

    • MD5

      72e5436ce413c4132c99ad49d1c5434e

    • SHA1

      a8643fcb3a85aa0bf2eaa3f67e055c48afa69636

    • SHA256

      fe0d82bfbac24f278168c385dad90e75d85aae9ff1fd8e54f7a2b908f13e78d7

    • SHA512

      a726b504ff931260a548d85ebd81b365d0bfc7767eddcd7d909cae3428d114bf8813c57caff248e81fa1a95c3a7d7ef04408e653c45fca4fc6127dd21cbc43a0

    • SSDEEP

      3072:E+BlPPr46x1qZgG6OZRvpSzoA7PCd7r3thtCvmOnL0/iDfsKKb4gM/D1btqNnrGO:3lAMCd7rTtCvJLTDDKDM/DDhg

    • Score

      3/10

    • Target

      Exitlag Cracked 16.1v/SDL3_ttf.dll

    • Size

      1.6MB

    • MD5

      ad56b88c5165b3b6d64c3335af6ad533

    • SHA1

      69ebf811c0d10841f6264a98ade06d1ab3a61f8c

    • SHA256

      07803a28a527126dbfb0da580c82e99747df50297ef492829dbcb593bd78172b

    • SHA512

      6448b98d3ffd3a4dfc1c5e6552f2602644506707da4dad83c5a89cedbc65101f499879339d79d111f978f2a40ab38ca0df831142d6c64f557725f085bbf2fd80

    • SSDEEP

      24576:8SBXg5eeFMXqwaAeuYpZysG3hldm3nlLqDlDKZ9YGdFX6tAX:8cXgfFseuQysemUJD6YGHX6tK

    • Score

      3/10

    • Target

      Exitlag Cracked 16.1v/Setup.exe

    • Size

      524KB

    • MD5

      51572f0efb4215101e57a85710061718

    • SHA1

      b16af0d8d82e578b333f192e3590c794d50e85a7

    • SHA256

      5bc00e0d5b240ef921484440fdc739abfc1d478cf62e9c72a53493cec8c6f7fc

    • SHA512

      8a036618c42b6237f6d2fcb56b4567c15ce0830a79bfbeeb5a4448e9e9869895263234635ec6463ef1a75931722b9d5e0160fea96f9900b434d998c56f329a5f

    • SSDEEP

      6144:8zMFIEAiKeUH7Cc5vNg0XSqJ6pi10RXMk9rUNshEMoi/biylY/1Vfvab:jF1KzCcd7XyqnkWNUEMtmXab

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      Exitlag Cracked 16.1v/chormeset.dll

    • Size

      20KB

    • MD5

      7e624a0c6e7feca519bd19f2e4ea5ebe

    • SHA1

      147cfe0ffeb8168c767ec16230be6409704ec823

    • SHA256

      b88dca6ae123d8ade83838c356b90b24356fc48246acd64c3047ae83d2d56dee

    • SHA512

      f7c6e5da328ffb7d93a9453fdfef5e5686f7048fdfcb73e38449cc08aced4cd894ad1322631012f94ccd6bd6f336967ed9b1b750e13bb5421e0f216481292620

    • SSDEEP

      384:DDiuVgFfj3vV8Q4jfpwKNsgM8wah7cdAM+o/8E9VF0Nym3tNW:vVgFfj3vOD0gM8waOdAMxkEC+

    • Score

      1/10

    • Target

      Exitlag Cracked 16.1v/installed.dll

    • Size

      20KB

    • MD5

      803d0c699a91475132b8151bff25e905

    • SHA1

      522eacfa36c8cfff530053169e993f59a69328cc

    • SHA256

      c4f6fba8da9394e73f3d2854697794877d6e78aa403bda9a417df3ba2ea3b910

    • SHA512

      2d7b8d416f306a40bf592b5aaf098859e7c95e416a6e0f5115e24d4d91d97982772482178d060d1f621715b04139dba20d1345a2527f257809a6fd8601171676

    • SSDEEP

      384:ZiuKO1fTeNryM8pwKNsgM8waer9AM+o/8E9VF0Ny5Ys1r:tKO1beNr1pgM8wamAMxkE1r

    • Score

      1/10

    • Target

      Exitlag Cracked 16.1v/installedbrowser.dll

    • Size

      20KB

    • MD5

      d019e04c68e540091f0db7cea493b0f9

    • SHA1

      124852e5723e8c49a870004469c129ee94ac22b2

    • SHA256

      89695412eb3943140a6b5733ac0d39a9086788a4737eb5fb16d92fb2547a2460

    • SHA512

      f2d9309eb67969a7b261055dbb3d33f9110fbeb2c97acdd7595f5590bad5339e6c20f667ce7ae9271d2d939a1cdc1953ca8c2abe870b1f373dfea8cce3805395

    • SSDEEP

      384:/iuNqHozZ/8aDY2pwKNsgM8wacVTAM+o/8E9VF0Ny08EJ:/NqHozZ/8dTgM8waeAMxkEQ

    • Score

      1/10

    • Target

      Exitlag Cracked 16.1v/laungage.dll

    • Size

      20KB

    • MD5

      27abb916a3039c6c946c6640ac5a7131

    • SHA1

      6dd46e7ca282649c7a87a926c91e44c3ef192472

    • SHA256

      ad10b0aeca561db71592a9beb321ac1ca728bb12d76c6ea256d1224265cecd7d

    • SHA512

      1dbfc224c33f7326f2ffea5ca8902edeae782ece92ce3c84d54d2979925990b5466854010410aa9a880e23a32c40d244837f435b3f26faaf5fc09cc171ac69fa

    • SSDEEP

      384:fiu95UReU8XegbuCdH2pwKNsgM8waj/0pAM+o/8E9VF0NyJlA4:f95UReU8OYTgM8wawpAMxkE3

    • Score

      1/10

    • Target

      Exitlag Cracked 16.1v/libavcodec-58.dll

    • Size

      4.9MB

    • MD5

      5dd132a65a3829e2534436255112ec8b

    • SHA1

      4461e0c1d4aff818882e73e31e3fbb612379da94

    • SHA256

      38bb9bb273bf94c8a533a55eb6dccd57fac2420db1b00018ed2051a97dc25e80

    • SHA512

      4327d6e727aa919ad41b6b8f4b37112fd3c8eb240a09c7cd104c4f8992dc1b1d153d46e636b6bd55df774bc147c1c96a23e6ad8ae09df4352668b76a35f871ca

    • SSDEEP

      98304:8yCDJkaJk5SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSvSSSSSSSSSSSSSSSlwwwww1:hCDJkaJkT5mP2yDqjasxNXJpDF4zBerc

    • Score

      1/10

    • Target

      Exitlag Cracked 16.1v/libavformat-58.dll

    • Size

      1.4MB

    • MD5

      3c7bc5b6603cec694ef088bd677a672b

    • SHA1

      e6de48ad68b7064b096e374fa80fcc84d845c977

    • SHA256

      1639253b474d9da6e4c1fdda53a5453e76cc1dd9743ad8b3ba2b4294dd07d5e1

    • SHA512

      064a06e3701cd319462d2a515c7f569e10d9783d0f3ad1df583220861acfb657262426d7d1c69d54f22276876ab16214d9e3e0f6ee8216a790c2f955ab1c0890

    • SSDEEP

      24576:WAsXZWwA5rE1vKnRIpbkbKBmJsNKZYzfXMgnilD6tiyIHy9YTexjrRyhiwToH:WAspUMCRJKBAZY4oi0jrRlwT+

    • Score

      3/10

    • Target

      Exitlag Cracked 16.1v/libavresample-4.dll

    • Size

      578KB

    • MD5

      da412d5959011eb6db566908ca9c1ce8

    • SHA1

      a7309698d34e6de665860317e059bb095c213e92

    • SHA256

      7d3403eeaa38fbf43cd18cdf034d8ea5e271ab1fad72ce624f6aa8692d00f1e5

    • SHA512

      b142c3cf6aa45645909b49d32462b04fd3a106203de6ad9b533730159006ecdee6175d56af768d1566c10472ca0bba48d75575a489ec6e5d27e237107ebe352e

    • SSDEEP

      12288:Hx+1aYfcKToINMyVZBJm5QsW894V9r2UaNs1+gzPzjYWEx4E+2Yv5Nu:0FzjYMv5Nu

    • Score

      1/10

    • Target

      Exitlag Cracked 16.1v/libavutil-56.dll

    • Size

      1.2MB

    • MD5

      0372fe05da238a315df054ab788d2891

    • SHA1

      0052e55424d644224fb6c17342b5bd0787aab640

    • SHA256

      b7c5616f1c3ca67a8d818d33481e3497ced67dfb92e0d80cc78ecde983cc7d61

    • SHA512

      821ca7fafa77edafeea72315b898cd96eb62d05f8a8376cd418818034146f5feedd5dca3fcc03ea08b244f9435f7d55a8a8e133c926207cfb254da1718cab0d7

    • SSDEEP

      24576:TeNaqLQN99oBo9BmGTNWW1Ih2QQ4vROb46yk/5G1z:TeNJC9ko9BmGTEw4NGch

    • Score

      3/10

    • Target

      Exitlag Cracked 16.1v/main.dll

    • Size

      20KB

    • MD5

      fda0c08d4d8338c6f85e2aac572c2a93

    • SHA1

      f199168b8f977500dc8a842d46fd8412baf2a1bd

    • SHA256

      928bbb74ee0c820381d778351db50ef5787283c82ff557ff77a0351f71447784

    • SHA512

      2ef4ff7020d290b493b0560487ace68ff1e214f20cffbb56ac621dd811f10667ebd6fa4fd73267e0923a0d1b8afdfd18381c20802905e0d5c48b0741dc54e14f

    • SSDEEP

      384:X1iu2u6mndkt1YY1pwKNsgM8wateYAM+o/8E9VF0Nyhp0b:XZ2u6mndkjHqgM8waBAMxkE/e

    • Score

      1/10

    • Target

      Exitlag Cracked 16.1v/openvr_api.dll

    • Size

      260KB

    • MD5

      2fdfa82223228c1e9430d0bad68a8328

    • SHA1

      24ce79a2588b26c33d309e3d0846ebe9010c4f45

    • SHA256

      7b83ed968423ed724a8668c4126d81faf099a5fb5e457f806b3256b1caf9b596

    • SHA512

      bf8590e1d89db52e59a146d62f8916e0bc418febab4dfc44da0e5e505d4fab6be3d230aed1d8c22ba0744c432a8edd2158077bd1ac0c1aaae7d4ef0702650e97

    • SSDEEP

      3072:RlkrIs9euKubZCAaUh5spFPEyUjipPrsygCTsX2Dx26hVz4bS+/LKPluQiUKFYI:3Sl9zdaeT+1rBTsXb6h5tWQ2FYI

    • Score

      1/10

    • Target

      Exitlag Cracked 16.1v/uninstall.dll

    • Size

      5KB

    • MD5

      10c6434f2180b6a97711755968a18f20

    • SHA1

      98c6ac59f1591effb975ca2215aa38634a55eeee

    • SHA256

      2b0875133200aa106861b007f94fc78c2df112105b58bf6147cd9a892d02daf3

    • SHA512

      1296bd9547086e519fd7e4cb7de9d288636d4f18bae2c2d7bfbf372fc7cd5c3f48976e9d5323c039f4e2d4a898bdaa05e6a59d8d90c478f8577668ac00784a81

    • SSDEEP

      48:6zvUokweAHNLRHXZI1WAOk6srpyg8x0lEsPYkjor1Se6BfO2Uoo40w63XD8wcBwm:qMohVtLRp4F1rAIlECYHmfO23oK

    • Score

      1/10

MITRE ATT&CK Enterprise v15

Tasks