redline | f3c9796ca11327d3e9dea426349da3962a379f1c81feee1e93da016ba37b2db1 | Triage

Sharing

General

Target

mоdmenu gta5.rar
Size

114.4MB
Sample

240615-wvdn4azejh
MD5

309f4e7bd5b75e50c9e83cd97e8522c1
SHA1

42247fd8c542edbf11be8a6d236182c6394b079c
SHA256

f3c9796ca11327d3e9dea426349da3962a379f1c81feee1e93da016ba37b2db1
SHA512

f711196a79db4905dc8610e5a24cf029860238c9e15f5432c49d5260b61a386e8ea250b6f7e0e28191e5ca99a1b73a35dc6877caac8706d3293723424870bef7
SSDEEP

3145728:Io4IcgDM/1e7UpNZ3ZLunvD/tu5WfVchB:IcDMN8UfZ3ZLuIWdchB

Score

10^/10

redline evasion execution infostealer themida trojan

Malware Config

Extracted

Family

redline

C2

91.199.154.172:15486

Targets

- Target
  
  mоdmenu gta5/V2/modest-menu.exe
- Size
  
  16.9MB
- MD5
  
  ce03d8db32b901caba01fa8b1beefe54
- SHA1
  
  76377cea7317bd28af0ccaab276bd49360936a9d
- SHA256
  
  a568e2a4d89ab76ab9ff11b30bf320dcc4413353660678c51abc79863ff3c1c4
- SHA512
  
  40ef98ee1dd411d3f634f9fe1ccdac0bc8fa5d13b1392ac5d045bf130db6efc5ebae48298d02a732fe634af953af10c004d54c3a4d5862b7f9cd6736f6ddbfca
- SSDEEP
  
  393216:YwOMvc42XGU57JO0OTOUbHvnqdLNZHgbATTT9:Yeh2Xb1Ra4LNibATv
Score

9^/10

evasion themida trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  mоdmenu gta5/modest-menu.exe
- Size
  
  391KB
- MD5
  
  6fa8b408eabd31b852279fa5a872a441
- SHA1
  
  3a841e5628f6a35c285b5d4c5dfc238de76056db
- SHA256
  
  229b5412d38ab6be95fc30db6116b6b5b4f5f38ca0c83d13e8b5e5f485be0efc
- SHA512
  
  acddba6eb875db0595fbcf09ddae61c70448b55813acf076cad1ad1293460dcd61a3ce3617bd893b8abaf2be3ffdb8e241287e19fc940071e57a1ecc3d721067
- SSDEEP
  
  12288:ZFBZ98gjwtD9jTzfMMLMlg4Db97XIn6Bl:ZNwtFT7MMolg
Score

10^/10

redline infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  mоdmenu gta5/scriрts/0cnkwaa9q5.txt
- Size
  
  30KB
- MD5
  
  5cc801952b89127336e4160c6124d66b
- SHA1
  
  05c8375e66fe53a7098b71c51cf07bba7ee6aa2b
- SHA256
  
  edba04c213ecc59559d206633a83832b3f179dfad08011453ec90d210f1a6cbc
- SHA512
  
  722ba703f23c736ad6c096f0239bae299b51bdd5936d846d876b5b4282f3c1e12986bfda29ba8d98797b1e02ac13acb7c75c13f841194b1565b319cdd8873b75
- SSDEEP
  
  768:PDXtxtRU5leFzXtNtVXtZtQXtftjXt2t7Xt3tYXtBtutJtoXt0tJt8tuXtUtXQo2:PDXtxtRU5leFzXtNtVXtZtQXtftjXt2X
Score

3^/10

execution
behavioral5 behavioral6
- Target
  
  mоdmenu gta5/scriрts/0dn0mq0w0b.txt
- Size
  
  27KB
- MD5
  
  eab5eddc74924bf863981606ae103dcf
- SHA1
  
  0076f19c351ebd65165643fc5cb9ce1c7685bb3b
- SHA256
  
  6d5b99ead2f7466ceb7b6b16863580df6d121bbb255aa4234d195f87e0db7968
- SHA512
  
  985a0d421c0763f89a69812c0e1b483eb264dc24e255c9808adc98889abd0744dc774b9226d75618248dc38efe016f5a4d49e2df506922774bb9f03c2ab8a0d9
- SSDEEP
  
  768:PDXtxtRU5leFzXtNtVXtZtQXtftjXt2t7Xt3tYXtBtutJtoXt0tJtgtL4BxF/Lzd:PDXtxtRU5leFzXtNtVXtZtQXtftjXt2h
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  mоdmenu gta5/scriрts/0dtyyww8nd.txt
- Size
  
  21KB
- MD5
  
  9b9be1877909a23fbc20f0b3d6456a7a
- SHA1
  
  7074da3af34db78e0e75e2085abb16781f7af192
- SHA256
  
  561e220cbdd901da03568eb0ddfea74dd930600743ec07fea21ad37df140839f
- SHA512
  
  0cc638885f2a72c001ed7e63f0e9e29a2882a21397638b306920a01ea6f20dba3b01459b389a524a2060f419c03805206e1b9bee20a8f0361353f3a4aa2b1aee
- SSDEEP
  
  384:K1Upg1yAymz2Dimz2DfrOd+dqgXxSXzzHfiEnE5Y7mjYXru:Q2g1yAymSDimSDfRX+PHj7UYXru
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  mоdmenu gta5/scriрts/0ebo92q6y6.txt
- Size
  
  35KB
- MD5
  
  e2f93890ff80b068e672cbfef74816ab
- SHA1
  
  ce32cdfefc049a24b29281006ed71406a9ca121c
- SHA256
  
  10716312f836032e9b96f73b35674267e44fe0585a3dd9831bfbebaa423a7dc1
- SHA512
  
  8e8f999800d4e041db6986db319333aced4c7471ad0c3f5e21ced3636d687eaf26d3b09a4e84f20ccbf331165c22169b46f08ef30218f0eece6d06c92970bd94
- SSDEEP
  
  768:e4F+XtNtVXtZtRXtHtNXtftwXtBtutJtoXt0tJt8tuXtUtXobXtUtXQzXtUtXnaC:e4F+XtNtVXtZtRXtHtNXtftwXtBtutJe
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  mоdmenu gta5/scriрts/0fbgb0t96l.txt
- Size
  
  30KB
- MD5
  
  ac5e9aa1a68f6d63378278caaf8bd8d7
- SHA1
  
  f129e312fd8ffe21edbb52c8c3dc17a0e1c40fa5
- SHA256
  
  e5aaec47813c52aba69429a939490d4c456db3dd28c00b79c26d78fd935e0339
- SHA512
  
  b9ad33d64ec03bbca46d6451bb713c2a3d77515c16a96077fa85c4fa8f453c129ae53940aacaf6f52d2092ea89bda7f87754823d42f298ccb845a2aeff9df7f7
- SSDEEP
  
  768:Dz+XtNtRXtHt1Xt0tJt8tuXtUtXQiXtUtXoeXtUtXnrXtZtV4gOsTy4/Dz3EfM+R:Dz+XtNtRXtHt1Xt0tJt8tuXtUtXQiXtQ
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  mоdmenu gta5/scriрts/0gha3a1obr.txt
- Size
  
  30KB
- MD5
  
  ff6bc7160d5202d71e6029436173b77e
- SHA1
  
  0790684a028fb1204888dea646bc704d5f947d03
- SHA256
  
  2bdc8b45b6ebd321a575777676d5f1f3fd7d3193c4e1a4e431fc80701bc08195
- SHA512
  
  811532ab186606bf20dd2f44a05255ea804b530f2b093ea21490d7cbfb5072340bdd1b680f146d23de7f30e7c0ed795655346b617bdaecc135c8d7dd1c435c2e
- SSDEEP
  
  768:f+XtNtcXt0tJt8tuXtUtXQiXtUtXoeXtUtXTNXtHtcXtZtV4lyTstizqAd59fMh:f+XtNtcXt0tJt8tuXtUtXQiXtUtXoeXg
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  mоdmenu gta5/scriрts/0h5rxtglhd.txt
- Size
  
  34KB
- MD5
  
  ae0bdc90c785d456379648bae3d1141d
- SHA1
  
  35c1919a9f23ff7e0e281e0864baa514cf8a5aaa
- SHA256
  
  72363e219aa83a99dfc5e269ee3e9c69608201bb2e199e8ae78caf2c1da293ee
- SHA512
  
  09ede808eb4d7cdecb117e98bf086cb840dee628c16a9d654112c96534e02e529ede345abd890695fafa7ece9c51ecd8013f5a3046252f6866782c4d7b76d14e
- SSDEEP
  
  768:e4F+XtNtVXtZtRXtHtNXtftwXtBtutJtoXt0tJt8tuXtUtXobXtUtXQzXtUtXnaT:e4F+XtNtVXtZtRXtHtNXtftwXtBtutJP
Score

3^/10

execution
behavioral17 behavioral18
- Target
  
  mоdmenu gta5/scriрts/MailKit.dll
- Size
  
  837KB
- MD5
  
  c5cd71489d9c78d85d89a895bf463cc4
- SHA1
  
  ab017768139d5731756260a8f9674e089347d9b9
- SHA256
  
  75211b1b7c7af76c7cb09c8ee32f0cad82db86daad15633690ee3c6881a717cb
- SHA512
  
  8ca003cc5a7b9253320cd66b4dc57bd8ce8b81e7a72e8d30af528b13128cfaa32739f7253f9dbc7844b00ce8a49d00370b9822db7530f0ed916b2b8f32952665
- SSDEEP
  
  12288:Mz6bczVeI3nauKmSG1iFvbeu4N8OdJVRwwlBhu9hayNuw9K:MBzVrVjiFvbeug8eVRHhu6yNuw9K
Score

1^/10
behavioral19 behavioral20
- Target
  
  mоdmenu gta5/scriрts/freebl3.dll
- Size
  
  893KB
- MD5
  
  079f48ed995b415d79f99d7f5facacc2
- SHA1
  
  06eff6d1482c5a35a85a82dd37660b237e5e76b6
- SHA256
  
  f5465f6b92a425a2a8e42726976a435cc5f7ce93a2dccc670dce597db26962df
- SHA512
  
  9a1366aa0c744492bd40a8b9b225946017f3db76a7f6e75dca8006dc220f78b3db7338feffa2b8f3d55a5de42b4811250297d6158270925b4baf5b10f172aad5
- SSDEEP
  
  12288:3a/guyHlrThAW96zeM5mCcN9XrztMRXrUKZ/qqnhhe/lC:3QJyBTn92eM5mCcN9X/tMdYKc+hhQC
Score

1^/10
behavioral21

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionthemidatrojan

behavioral2

evasionthemidatrojan

behavioral3

behavioral4

redlineinfostealer

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21