redline | 83af52150d2c570afc1d3e9db129e2a9d8de70dada92366780e0a52c7fd74b95 | Triage

Sharing

General

Target

RoweHack.rar
Size

19.0MB
Sample

240525-wr6wgada2w
MD5

a829e15534ad584c18cb8094bf13bea8
SHA1

586a45f824ab2db33a88809b7de49ce2a2093bc2
SHA256

83af52150d2c570afc1d3e9db129e2a9d8de70dada92366780e0a52c7fd74b95
SHA512

72a9cc9775fef5130c886f7fcee4164f99dabc348b7a2cf8ae942d6179f916a97de96e05d4dab3383388a6efba8ea1ae1412f3c7ff1a7718eb4478b48db4b3a8
SSDEEP

393216:leUQyto5X78AGrGkq/PiXOuOAXsURQnlUYJjhUDr5M6rh6Jy6P:lKCMX7vDkq/Pi+CXmlUuKr5Mhy6

Score

10^/10

redline discovery infostealer spyware stealer

Malware Config

Targets

- Target
  
  RoweHack/Lunar.dll
- Size
  
  86KB
- MD5
  
  21fa9db233fa5e686113a592548fde42
- SHA1
  
  d9caaf3b1de87c2263a292f9c1b24daf3c637b7a
- SHA256
  
  404197607e1beeba032a6e7c5b7cd784117b50489e3f216f5360a74134567414
- SHA512
  
  e48462c7d5f014646e71e90aca397d49aea20ad26dc34b840a34c61ee0bfdcbd18d275cc5e3b7936d882f24cb3a7691889ebf2fa4461e666e263870649fcdf7c
- SSDEEP
  
  1536:GP3uEGNYT4UFODLqa6OPyj/xJNuya9l0axynTCW2w+yC97VDV:GP+xShEfJ6OPu/XsyaP0swm79V
Score

1^/10
behavioral1
- Target
  
  RoweHack/Oni.dll
- Size
  
  24KB
- MD5
  
  191259ec846c4ba7dcfcad581340ec1c
- SHA1
  
  bda746ace8db7339f890369fc865421b6a0a15de
- SHA256
  
  52eefbbe1af287695f5c0e108cf449bf0e1080f114ef2cbf8162b4d4a5ea2cd1
- SHA512
  
  e63e9883a95a6446d645c34e1fb56b51f74f1a053fb1718cc9d2362e623653880e198e6d3f85f067271c0b9a7b979b922aa171e082f9836c4cb97c5b6b4a67e2
- SSDEEP
  
  384:DAeIhjdS786ZsCAev8QhSmoEH1zAq9HN5qqdlipYrUKq9n9Nb1EIKdEpbAt:EBJS786Z1SmTAqRNtdllrbAXtpb
Score

1^/10
behavioral2
- Target
  
  RoweHack/RoweHack.exe
- Size
  
  425KB
- MD5
  
  69774d70b2248e0631900882dc3d3917
- SHA1
  
  2a3358e394448c079db91a3ce6caaf95858b30c9
- SHA256
  
  e1df7ba2f9ea92df5649a3efea3847eab44a71fe9984259b91f251e1d2500c57
- SHA512
  
  aac851f2fb68a01d52f8c204a73f5c20b3465bc4fb60f20505df063ee6afaa9b1444f1ab3aaec91261ca354bc5e392a41944108e55665331a39771c00530843d
- SSDEEP
  
  12288:ceYYA0dhj9KUwv9DKF1tHrIzOC3KKetMl1gHe:207wP8F1REzKKetMB
Score

10^/10

redline discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral3
- Target
  
  RoweHack/bin/d3dcompiler_47.dll
- Size
  
  3.5MB
- MD5
  
  6bc4ada9a7cab72f49c564e6c86b4c3e
- SHA1
  
  f0fba01542a0fbe585106f7efd884df65e8c89dc
- SHA256
  
  7d0d1290382ea0e44a3178446a0c202696237e27dbb5f8f0827691092b8f2228
- SHA512
  
  d7ec39514c104b40a42cd3ca956ba84f5a78f237a39f40d85ba54983145bce2dfbc7ec5e0cbc1bf8ab64d1d370371a7cba5e30202d2c1f37782db32486ed7f6e
- SSDEEP
  
  49152:nqr33AJsOB8SLXId6mEjWEmNZMKRMbDhQc6555Rqp28ITdGS90tQhveWja37PLE3:nyUa6PcMbWD86dGZR
Score

3^/10
behavioral4
- Target
  
  RoweHack/bin/msvcp140.dll
- Size
  
  576KB
- MD5
  
  7b92a6cb5d2cad407c457ab12d2b211d
- SHA1
  
  e04020b3448fc6084fa31b7f791f22ff15e31328
- SHA256
  
  3c6a772319fff3ee56d4cedbe332bb5c0c2f394714cf473c6cdf933754114784
- SHA512
  
  b28740c1aca4f0f60a9e4a9ab5a0561af774d977ab6d42a7eea70c9e560c77c50be5d9d869f05d0435e2923f4f600219335d22425807ab23cbbcda75442c4b42
- SSDEEP
  
  12288:RI88L4Wu4+oJ+xc39ax5Ms4ETs3rxSvYcRvbQEKZm+jWodEEVhQ:RD89rxZCQEKZm+jWodEEPQ
Score

1^/10
behavioral5
- Target
  
  RoweHack/bin/onih.dll
- Size
  
  20.2MB
- MD5
  
  4b3c3abc39340b995a75ca8d653267e6
- SHA1
  
  267200bcb3d1fb4686cf2d0e4550e2bb42b3d6c8
- SHA256
  
  b7f4aed94bc27c6d44918758f176b27608e50836bb303c56fa230180d67eb2fb
- SHA512
  
  bcb2795adaaf65d08adb7915f5e38a6d1ea8f7febea4f9c5154d16b50db362d91cae9ecd01375d258312bd25a5755797a9fa559a55ed79d8d5be644faf9910e6
- SSDEEP
  
  393216:wIu0kGHHdOw0Bq9Mo/LIqeTEN23BU5qlyeFo7MGodOJAs0:wUJdORBqSwe1RwqlLWUV
Score

1^/10
behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

redlinediscoveryinfostealerspywarestealer

behavioral4

behavioral5

behavioral6