Overview
overview
10Static
static
10Redline_20...er.exe
windows7-x64
1Redline_20...er.exe
windows10-2004-x64
1Redline_20...ub.exe
windows7-x64
10Redline_20...ub.exe
windows10-2004-x64
10Redline_20...st.exe
windows7-x64
1Redline_20...st.exe
windows10-2004-x64
1Redline_20...er.exe
windows7-x64
4Redline_20...er.exe
windows10-2004-x64
4Redline_20...el.exe
windows7-x64
9Redline_20...el.exe
windows10-2004-x64
General
-
Target
Redline_20_2.zip
-
Size
24.7MB
-
Sample
240702-kdedhsxhnp
-
MD5
97a51d9c58994f6d77181fe62b807556
-
SHA1
11d64d7fe28064dc06f32b37cd6d89b4c5eb214b
-
SHA256
77b9f0c79ae8a64eb8d2f6ad82089b44ceda4144a96840d47371548ead61a763
-
SHA512
2a0c182a4740db61fce9df95332e72f8a044deba18587a7f206ec7bbcd17f4d0392202c5ad052ec35de569ab4207e5122c07889059de82a33d728e9227b7ce96
-
SSDEEP
393216:g6vsKw921Cqkcc0kqRY78G0CYXRpDmbdTTia/7USGo+3rjmKr4YYH+EUWpgXH:g6MLqkcbkVoGJMflhZ3rjB4cW63
Behavioral task
behavioral1
Sample
Redline_20_2/Redline_20_2_stealer-main/Kurome.Builder/Kurome.Builder.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Redline_20_2/Redline_20_2_stealer-main/Kurome.Builder/Kurome.Builder.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
Redline_20_2/Redline_20_2_stealer-main/Kurome.Builder/stub.exe
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
Redline_20_2/Redline_20_2_stealer-main/Kurome.Builder/stub.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
Redline_20_2/Redline_20_2_stealer-main/Kurome.Host/Kurome.Host.exe
Resource
win7-20240611-en
Behavioral task
behavioral6
Sample
Redline_20_2/Redline_20_2_stealer-main/Kurome.Host/Kurome.Host.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
Redline_20_2/Redline_20_2_stealer-main/Kurome.Loader/Kurome.Loader.exe
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
Redline_20_2/Redline_20_2_stealer-main/Kurome.Loader/Kurome.Loader.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
Redline_20_2/Redline_20_2_stealer-main/Panel/RedLine_20_2/Panel/Panel.exe
Resource
win7-20240508-en
Malware Config
Targets
-
-
Target
Redline_20_2/Redline_20_2_stealer-main/Kurome.Builder/Kurome.Builder.exe
-
Size
137KB
-
MD5
cf38a4bde3fe5456dcaf2b28d3bfb709
-
SHA1
711518af5fa13f921f3273935510627280730543
-
SHA256
c47b78e566425fc4165a83b2661313e41ee8d66241f7bea7723304a6a751595e
-
SHA512
3302b270ee028868ff877fa291c51e6c8b12478e7d873ddb9009bb68b55bd3a08a2756619b4415a76a5b4167abd7c7c3b9cc9f44c32a29225ff0fc2f94a1a4cc
-
SSDEEP
3072:abrwd8T7vH96NLS+ld4qRdxtiZQRWkmVnt749m3DIo9O:aH3TLH96NLS+n46dxICRcVntX
Score1/10 -
-
-
Target
Redline_20_2/Redline_20_2_stealer-main/Kurome.Builder/stub.dll
-
Size
96KB
-
MD5
625ed01fd1f2dc43b3c2492956fddc68
-
SHA1
48461ef33711d0080d7c520f79a0ec540bda6254
-
SHA256
6824c2c92eb7cee929f9c6b91e75c8c1fc3bfe80495eba4fa27118d40ad82b2b
-
SHA512
1889c7cee50092fe7a66469eb255b4013624615bac3a9579c4287bf870310bdc9018b0991f0ad7a9227c79c9bd08fd0c6fc7ebe97f21c16b7c06236f3755a665
-
SSDEEP
1536:9G6ijoigzKqO1RUTBHQsu/0igR4vYVVlmbfaxv0ujXyyedOn4iwEEl:BSElHQ/ORUYos0ujyzdZl
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
SectopRAT payload
-
-
-
Target
Redline_20_2/Redline_20_2_stealer-main/Kurome.Host/Kurome.Host.exe
-
Size
119KB
-
MD5
4fde0f80c408af27a8d3ddeffea12251
-
SHA1
e834291127af150ce287443c5ea607a7ae337484
-
SHA256
1b644cdb1c7247c07d810c0ea10bec34dc5600f3645589690a219de08cf2dedb
-
SHA512
3693aeaa2cc276060b899f21f6f57f435b75fec5bcd7725b2dd79043b341c12ebc29bd43b287eb22a3e31fd2b50c4fa36bf020f9f3db5e2f75fe8cc747eca5f5
-
SSDEEP
3072:KEdjrOO8+K46SgVE+mxzqT67iLRi/Gj81GUpYb:KjQjgPmxzq27iLRiuAPp
Score1/10 -
-
-
Target
Redline_20_2/Redline_20_2_stealer-main/Kurome.Loader/Kurome.Loader.exe
-
Size
2.2MB
-
MD5
a3ec05d5872f45528bbd05aeecf0a4ba
-
SHA1
68486279c63457b0579d86cd44dd65279f22d36f
-
SHA256
d4797b2e4957c9041ba32454657f5d9a457851c6b5845a57e0e5397707e7773e
-
SHA512
b96b582bb26cb40dbb2a0709a6c88acd87242d0607d548473e3023ffa0a6c9348922a98a4948f105ea0b8224a3930af1e698c6cee3c36ca6a83df6d20c868e8e
-
SSDEEP
49152:KSmo0SdsEoRykUuulqasMwMcdZa9FHeXXGFr3sylP2/BQ7MWV:lm7UQRyksl9cXwFHeX2t8y21
Score4/10 -
-
-
Target
Redline_20_2/Redline_20_2_stealer-main/Panel/RedLine_20_2/Panel/Panel.exe
-
Size
21.2MB
-
MD5
70f64e55852f812c8ce30b7831accf70
-
SHA1
4ee00b44ce66d871bd69c2ff4d72547953baf488
-
SHA256
61e44f8baccf9d80daa45a5b618c3faaee7b8cdedad4656eb99f49ee80f318fb
-
SHA512
98056894cbea8221af6c7b35a020348e180aefc29b87eb420f215724e5f29bac3418b7dd88dc00dfe0c5adaaffac0bd9da68f2d5dae7a724cf542198e96999eb
-
SSDEEP
393216:acc0kqRY78G0CYXRpDmbdTTia/7USGo+3rjmKr4YYH+EUWpgX:acbkVoGJMflhZ3rjB4cW6
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-