redline

Sharing

Copy URL

Twitter E-mail

General

Target

Setup_new.zip
Size

23.6MB
Sample

240707-1yywnaygjq
MD5

2194b09b6cc0ac2c4cbcf73df7fe6d1d
SHA1

770e315808c44ec0242c35abb2c287e7a3b1da8d
SHA256

7869aefd04fc720314984ac0d887078d001baf7f8c880369dcedbaee0ede9e3f
SHA512

18d15247bf4bfa7b97d30d4b9e307a80bae7e3e854d197123afd734e8d0d8637aa7d4e6f3958592814d504b7ea43cc95a734613c7fead289bc665f8006605ccf
SSDEEP

393216:mTk0gukpcsJ+B/PLKjAPrKYEwjmtHL5JTx1z/om3/ccV08XaueoyqBT8wTf:AkXfI/PS2KYzqHLTxOw/c+NXaQ/8wTf

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

@kl1891

94.228.166.68:80

Targets

- Target
  
  Setup_new.zip
- Size
  
  23.6MB
- MD5
  
  2194b09b6cc0ac2c4cbcf73df7fe6d1d
- SHA1
  
  770e315808c44ec0242c35abb2c287e7a3b1da8d
- SHA256
  
  7869aefd04fc720314984ac0d887078d001baf7f8c880369dcedbaee0ede9e3f
- SHA512
  
  18d15247bf4bfa7b97d30d4b9e307a80bae7e3e854d197123afd734e8d0d8637aa7d4e6f3958592814d504b7ea43cc95a734613c7fead289bc665f8006605ccf
- SSDEEP
  
  393216:mTk0gukpcsJ+B/PLKjAPrKYEwjmtHL5JTx1z/om3/ccV08XaueoyqBT8wTf:AkXfI/PS2KYzqHLTxOw/c+NXaQ/8wTf
Score

1^/10
behavioral1 behavioral2
- Target
  
  Setup_new/Setup.exe
- Size
  
  857.5MB
- MD5
  
  4f1dcd0326005508e615eaa6ed0c042f
- SHA1
  
  6cee8944facd0584fab93276335ef8a111e7339f
- SHA256
  
  6a4c84fc184ec094e5596ce27a7a73eed4d9eab52e093620eab52e1749bc436a
- SHA512
  
  98003749fa4af7df6e187d64f8ed055f2a97a93a6422fc06accb960c7b503b6b50ff59ee12c6d5c060eda4c894cd2c5fb536e4aada1790e414c5ca574c3032e3
- SSDEEP
  
  12288:lzm2IZlyMyaDXDY79YfjlEyHoijSWYm7G6l8jMRSCtx:lzmrlyMLv1PIyvzqfw
Score

10^/10

redline @kl1891 discovery execution infostealer persistence spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Power Settings
  powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.
  persistence
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  Setup_new/data.bin
- Size
  
  19.0MB
- MD5
  
  ef0dda43daf11d6118a5310bee73f1cd
- SHA1
  
  f5455766f0b643a65e89cbd54ea8c090b9abe523
- SHA256
  
  d59cdc52efc57fcc6e0008290de2fc2b7ddb1c5c624ed747c87944723803df15
- SHA512
  
  b41f6354ca4998f801ddb9d9c46aad31ab18997d3c2271371bd7e5297be3490dfd1643dbacfea7ace523bbd60da296f30fea3a7dc629c7a0799353cca8a83fc8
- SSDEEP
  
  393216:sHqOpYyDx04MQFKWI3eeo0T2WedOOJUiZLJh+SuTnZv35Tv:sHqKDNJi3eWadjUiZLJASuTrv
Score

3^/10
behavioral5 behavioral6
- Target
  
  Setup_new/libEGL.dll
- Size
  
  935KB
- MD5
  
  69b57cc7076f64e550cba1d21372dad2
- SHA1
  
  a3c69cf1801de74757a46bab7c7c75815f449828
- SHA256
  
  432e802e5bbc1afc66732fb9511aa1d431294e6c4999d7e4dfb4e65f2773f6ee
- SHA512
  
  6142982ed72b8c55d562f823b843739d427d799c85f91d7a4777020751719d18fbc9d0e3befd3f9ae7df1a0c1a361ef320e5df4bd862469061688c9894593221
- SSDEEP
  
  12288:OXdUddsHK2HmT3v/6tDpu6KsulmJOZ6yQUE54k5RxOTVR/Facyg7jQG17UkAT/DC:Znr3vGY8JMI550JFxthUhtkPK+fn
Score

1^/10
behavioral7 behavioral8
- Target
  
  Setup_new/libeay32.dll
- Size
  
  2.1MB
- MD5
  
  9c8b228d392411aeec50905c2d80cf5d
- SHA1
  
  54a8d6ec44a8e11a3e232ad63b006b5c1394d6b2
- SHA256
  
  2c125702a00050b7175befb29e58749c8b63e33d51e6093ac04175c303084a83
- SHA512
  
  b993b094174f5564ae4e0f3c333c61ad2d57857761c60273c0d0681845e457ffa7df8bcb61f0c8dcccd12ba702457c610f742879abd339780bc5de805ddc1f69
- SSDEEP
  
  49152:RGqv0LS1e33J+UMFMVDfC/QZG9WUQmCRD75AArD/0lTrWrTZ3BGTy:RGy0LS1oJ+UMFMVDfC/QZG9WUQxRD75l
Score

1^/10
behavioral10 behavioral9
- Target
  
  Setup_new/libgcc_s_dw2-1.dll
- Size
  
  117KB
- MD5
  
  043b39434829ce93637b1801d57b2082
- SHA1
  
  297b5f72104130e17d92789adbbcfab8fe700a82
- SHA256
  
  4d2e2d408d399d066b0aaef2047f7a33515c13c589832de0d9f1ba87a530c394
- SHA512
  
  eee912b21d31c54bf913d11028f1637a041809bbe4cd6a5ca28c664f72b397d67d03230ba652a06b86916aea7e7ff5999a5b26cc14c067ab1652ab82f565edcf
- SSDEEP
  
  1536:8dtiUW76b2IPdo20ERT/TAnckgPfwxsNSGcHy//Rs0l6eeyB0nN0x/W08mZ9DxRw:8G66yo2zT/TGgXsavs0MdmxRw
Score

3^/10
behavioral11 behavioral12
- Target
  
  Setup_new/libwinpthread-1.dll
- Size
  
  77KB
- MD5
  
  1f4411c1f66c9cdf96ca9d7f9caf52d9
- SHA1
  
  ea04be653df7335483c7c8f46367d75d4ad9224e
- SHA256
  
  b5fe4d6408ef2baabdd168f4c7250900606468e9aeb24c71e0c833d3d715ae65
- SHA512
  
  8b95d0533773c5424733862cf60ed0f0d2ed5c7016b602a71dc4ce4a90ef0946de605f46c94fb0f6c3135447f60a00d3476e8b91a61e079885aa764bc1407b8a
- SSDEEP
  
  1536:NCogndcxz8C7iYx3AUwTG36Djm2uYUjslAsvONDuJluLjIGxim3Yx:Nydcaix3v363K+GNDDLjIEim3Yx
Score

1^/10
behavioral13 behavioral14
- Target
  
  Setup_new/msvcp100.dll
- Size
  
  411KB
- MD5
  
  03e9314004f504a14a61c3d364b62f66
- SHA1
  
  0aa3caac24fdf9d9d4c618e2bbf0a063036cd55d
- SHA256
  
  a3ba6421991241bea9c8334b62c3088f8f131ab906c3cc52113945d05016a35f
- SHA512
  
  2fcff4439d2759d93c57d49b24f28ae89b7698e284e76ac65fe2b50bdefc23a8cc3c83891d671de4e4c0f036cef810856de79ac2b028aa89a895bf35abff8c8d
- SSDEEP
  
  12288:iHEqYsrMWIqz473PTiPoH/aGhUgiW6QR7t5qv3Ooc8UHkC2eKq87:iH9YsIWIW4rPTiPofaDv3Ooc8UHkC2e8
Score

3^/10
behavioral15 behavioral16
- Target
  
  Setup_new/msvcp140.dll
- Size
  
  436KB
- MD5
  
  3e992e3412b8067cd215b52e6f906b1a
- SHA1
  
  4aaff9d969d558d355954131b88b1c250aed5d15
- SHA256
  
  c3838cb309a101ca41064358ac65010610064f12aa3d341ea15c4b95e8d525c6
- SHA512
  
  b2c92e710c65cfa2ca4a1fd7da9bfee521e450a63ac9070a8524c2f3abfb9ebf06b6567d650c7c69e2ec2066057b61ee4f1bf39ef6ff66e483c1b445883834f9
- SSDEEP
  
  12288:eGPa9C9VbL+3Omy5CvyOvzeOKQqhUgiW6QR7t5s03Ooc8dHkC2esGbWg:eGPa90Vbky5CvyUeOKW03Ooc8dHkC2eP
Score

3^/10
behavioral17 behavioral18
- Target
  
  Setup_new/msvcr100.dll
- Size
  
  755KB
- MD5
  
  0e37fbfa79d349d672456923ec5fbbe3
- SHA1
  
  4e880fc7625ccf8d9ca799d5b94ce2b1e7597335
- SHA256
  
  8793353461826fbd48f25ea8b835be204b758ce7510db2af631b28850355bd18
- SHA512
  
  2bea9bd528513a3c6a54beac25096ee200a4e6ccfc2a308ae9cfd1ad8738e2e2defd477d59db527a048e5e9a4fe1fc1d771701de14ef82b4dbcdc90df0387630
- SSDEEP
  
  12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
Score

3^/10
behavioral19 behavioral20
- Target
  
  Setup_new/opengl32sw.dll
- Size
  
  874KB
- MD5
  
  3db95d9910834474528c245fbbaa0e0e
- SHA1
  
  5fb0eac4e0296d5221c408decf2842aa1b335746
- SHA256
  
  6028ad980a9329c270e0bd0ecd8d65129650c72005b038ee96cfdf2fad8c53af
- SHA512
  
  3122f699afa28cf49d99e3c241f145b88f98942cc9a2ebcd6412b6907b5e723f4914f91d3c045abc6b48ab83244179611b73e60b49e7c73a87a2b8f4933cb1ff
- SSDEEP
  
  24576:a6r4lQp6oaYa8o0oKAdx22XkoZe/qbCW0E8GNwn/Xwi:aBWYoaYxRoRdx22Xk1IrkGNwn/Ai
Score

1^/10
behavioral21 behavioral22