redline

Sharing

Copy URL

Twitter E-mail

General

Target

Software v1.4.rar
Size

105.4MB
Sample

240726-xey6jaxeln
MD5

d34bb137d76282f7f7dbd9f738e9753b
SHA1

8054b9a1c3e9f12b9d61909fcb1a63421d55687d
SHA256

e9e49f2b993a211c74a71aff025009c2462e7042e50bf19c17d809c7eb8a47b0
SHA512

9efa85a86a0347db493dd57b1721be803fd825920d27b51ce2f89e5f9597159753d2285bfac1c4783cb782b91da8247c01b4bfc28a37f83ed8421032b6dff3e3
SSDEEP

3145728:pgD7nlWIpkMdCFJ73Px3Gr5Jdn/I5ubDj2:pq4IkxJdW3l/I522

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

665841

5.42.92.213:46419

Targets

- Target
  
  D3dx9.dll
- Size
  
  4.7MB
- MD5
  
  397cb6132f9632189d6f2b3bc9bb2b04
- SHA1
  
  f7113885294e61f21e6021f6f3a50bb0eb60b0a6
- SHA256
  
  a34174c9e4bbeb8b8592221e4e0fbf273e008c475875b5a4af45f5266ed58373
- SHA512
  
  0e5bcf302a6dbb76cfb7e00476d41367851df9b42e2f9b0c821fd6db018fda30a2b405026d52a7677af65d35ddc4405260c1bd9eb47c22154b23f77be56dd336
- SSDEEP
  
  6144:jQfN8PRtFlJntIkeUXpWeqQ0c4nr+O12Agvtt1tG5P0M3eFBXUuZLf0W/vouIs3w:1LheqpwQZOqvM1TKPr
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  Launcher.exe
- Size
  
  562KB
- MD5
  
  a124c92118ef2a46667aaff0de615ffa
- SHA1
  
  ad8d41ef91842ce2ed55eb811d60adc756679dbf
- SHA256
  
  b4311abc72d0698ce78000c6cffd9d50cc5c7560bcb0e468c4d7e88b71e2c3f6
- SHA512
  
  cf05d0df75082d2cf9ca87fb5bf5774ddbb7dd5942b2f053741c16acc908062e144aeb138eab75b7452f42fff5db7533d297b597af6845f1d3535beb0d64844f
- SSDEEP
  
  12288:kesJrhOPIvA36E2jk0HI8pJP7/iZ+uASm/oajjKw6PThxlNTz30RheI/5d+ZQKZD:VAhOIA36joSq
Score

10^/10

discovery redline 665841 credential_access infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral3 behavioral4
- Target
  
  conf/remarksGhessWedelns/quinateTelangTawa/Qt5Concurrent.dll
- Size
  
  128KB
- MD5
  
  31955f92dd3ca70cab821b6199018ebf
- SHA1
  
  3177661f6e066460f2c859d2d5453323b68d6eda
- SHA256
  
  d4a01961fff02cc38ab906d3bffaeb49db893edc624f840e06d07985086db29f
- SHA512
  
  ec5b65741685882008769abd68fb88cf12c58b0b9d76f0a6326f352ee7a78cc4567473c50e9abe12fd8af0c06bb1ae9840ee0d5f78024580aaaf1c34e0b14504
- SSDEEP
  
  3072:3Q8Eh7XgsZxlePu00k7hkNKSBMU+m3EkbnW6//V:3rg7wmePu01CXrUkV
Score

1^/10
behavioral5 behavioral6
- Target
  
  conf/remarksGhessWedelns/quinateTelangTawa/SDL3.dll
- Size
  
  1.9MB
- MD5
  
  0da9d68386c0e64daf40cff77466e2c8
- SHA1
  
  c7f9a5326d93d014dae78fa22fb0e18470f44892
- SHA256
  
  b4f795a93afe93a33a361f9a914e8575964dd4e14eb4e6f61e11be5b91e777fc
- SHA512
  
  245d11e4293ae0fe9895b07e825b6a8d5ffe2acf603b42fecdab38722188db6907e67eff40efcd007e6190c38831cc732bf8cd2f7710e70a77d27a4f94b8bbd7
- SSDEEP
  
  49152:Lpnd1mnvlNr5/p6FijeCeBqrqNpzF873I:9d1mJzrIpz2jI
Score

1^/10
behavioral7 behavioral8
- Target
  
  conf/remarksGhessWedelns/quinateTelangTawa/libswscale-5.dll
- Size
  
  1.2MB
- MD5
  
  b1055503c5c378304e1bc7fcd2b3447c
- SHA1
  
  9867b4ab6b1a430242eae51aa2b1700a1ace4a2e
- SHA256
  
  0ef8ffe68f41957b36a3f0390e8fb13e400b41cc7e0f63c2bb43d18ab8c5419c
- SHA512
  
  fd3bb498211f319227998f4950d70ca6ab38ae8637807d2d4d3a92e8f49411aaa7c69179fb8bebec6464b853a8167ba16fde4a2dab4840abf85fe734d720346d
- SSDEEP
  
  12288:AEeeF5w+KtExlqUIxPSN7UAIwwQnuIYI+Ixj6f9bA1pj9vJxcWobCVQgB:AEeeF5w+KcDz7UAIwwQnuIXyJMPT8gB
Score

1^/10
behavioral10 behavioral9
- Target
  
  conf/remarksGhessWedelns/quinateTelangTawa/localize.dll
- Size
  
  251KB
- MD5
  
  a4260f8fa1a7cad0f5125a9ac2682386
- SHA1
  
  51aaa7f7384c0c8520a06b043e50a16ca78fa54e
- SHA256
  
  6768b6d80749de6e239831c59d53b9d73fc85d5354a885a21cf30a052966f99c
- SHA512
  
  9e863641994c8ef40adafb37cbb05339df8b27cfa18a9b0cac6e2d4edda8070913a14e3b1467961ecbd84030cbe0e013d24acc0f2aca8acd3ad4ceabc5f2c60d
- SSDEEP
  
  6144:q14xt+lwaHnXaWXeezAE+o1YJ+6AuLre7UzXQJksPOqySstn5:q14j+lwaHn55+o+FAmreALyksan5
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  conf/remarksGhessWedelns/quinateTelangTawa/materialsystem2.dll
- Size
  
  1.1MB
- MD5
  
  e661c709460d02df923b9f12953a291d
- SHA1
  
  4e883712c27347f16edf1b17bf9455ba99dc1d6a
- SHA256
  
  7f7ade15ad9d9572266c929770388a6f7e3145e607baf5d438b84856d19822cd
- SHA512
  
  0df3d3b23d5208504adf214905105cd93940642fd0d299e1c58d021568da85890d8c37e595c1da5e5884f181c26580ab27e8baec87467131058633d0f185750e
- SSDEEP
  
  12288:qTyIEk9TWVRwCJ0ZnexZQhMtRvE1hrZfbYn6hBj0N1JCg2Pjfsvoou80C/jfF0t4:dIEkNWc14Zzn81bfUn6zj8JyQCebfE+
Score

1^/10
behavioral13 behavioral14
- Target
  
  conf/remarksGhessWedelns/quinateTelangTawa/meshsystem.dll
- Size
  
  1.2MB
- MD5
  
  39eed2616c86e03ef23007e7bf4f0613
- SHA1
  
  c87d0b9d3aeccd5239aca85d8a4b2256fdf922ed
- SHA256
  
  b5b13a820ab317abf5142368b30231de9ff21345e32ef1f9aa03e74c6c511c3a
- SHA512
  
  b14f4f5a8f97e200a78810378d5968f0a40a3621efa8fd9f9dde29095273cca6e860bfe9e913e19ade619f33a50bd7890618cc869b48e41644efd04933ac29cc
- SSDEEP
  
  12288:pYpDYxT6Nbe1shgrOyUUgCkxPrxSuUVMSWcA/JC98kcWjXcJdqRJgguA9ansN6Ma:pnxT0bMnsXUWJhhC9aZYrgGJy
Score

1^/10
behavioral15 behavioral16
- Target
  
  conf/remarksGhessWedelns/quinateTelangTawa/navsystem.dll
- Size
  
  838KB
- MD5
  
  d211b82d30d1ca4b46e76eb9c08d1874
- SHA1
  
  2186d815f51bebbab067afd9f5fc983be27e5965
- SHA256
  
  78ac81c6d5eb5c05736b75653b49dc506e516adc7b73fae2ae57ea2bd8b1b681
- SHA512
  
  16570c4d7ffcf9e6b46459ac60fa601b91126af17a8977c3fc190d724e194e34c1103ea7ce586d8a64d23b310bfc4a30f96179563b8034943c7581b1580a5f97
- SSDEEP
  
  12288:QLlm/1s3xT+uMQivHpGXtVtZwBUJNVBUSow73ialhLxtCEGOxTYYt1/R7I:+lAs3xT+uMQSJSLPFJ6WHLVGOxDlI
Score

1^/10
behavioral17 behavioral18
- Target
  
  conf/remarksGhessWedelns/quinateTelangTawa/networksystem.dll
- Size
  
  2.5MB
- MD5
  
  7443e04f27583dabd4c3ce4428e2f2b6
- SHA1
  
  9bbc6732c31aa9e60e9a6e06f7529fce2c1442c0
- SHA256
  
  cb6c6db89ad85c4cc45133bc2cc780a06c9e695b188685e9e4e022735c26c1c2
- SHA512
  
  f65d6117ddf4ba136a60873d3ddbbfa5d104503e3bf15d6a098656fa6776396e354bb35c659a212db0a9a668b58c359b19529cc900eeea492da1c39bb8776b1f
- SSDEEP
  
  49152:UmM983XKwCtUU6dMkRrPlE3Msb2lfjsJ7IMr7dsFbNoVYYG:t5CtvIUJTJ7TG
Score

1^/10
behavioral19 behavioral20
- Target
  
  conf/remarksGhessWedelns/quinateTelangTawa/p4lib.dll
- Size
  
  131KB
- MD5
  
  dad589718216414e65d162406acd5bfb
- SHA1
  
  09e1c838a2390702a83c4278046d49f8c6276fcf
- SHA256
  
  375cc1cd780718298ca0923a34d71fa4673750c42af9be0e80bffc1da2033d31
- SHA512
  
  3c7425687ae5609056b2a4addd14e48591645004ab4bd090d94237ef7f9a98de66b65709be2c8b08d9973123fa8ecf658832cfb70daacb652f91eb03feda91f0
- SSDEEP
  
  3072:KAk0d6Vx00D8wSelM5Yx/4Ol5I8UgbuVa031UC7fMoyR5t8///:1j6VLD8wSWMAAOl5IEJroyz0/
Score

1^/10
behavioral21 behavioral22
- Target
  
  conf/remarksGhessWedelns/quinateTelangTawa/panorama_text_pango.dll
- Size
  
  2.8MB
- MD5
  
  3bbfdc3427800ba921fc8b1e30277cb0
- SHA1
  
  26e911aa77a6c2bed9e4ebb8e20b5df9cb7f06f8
- SHA256
  
  d2bec36e08077c78a723990143aeabdb36597ee38f65abe388ed7004bc2dc25f
- SHA512
  
  cfeaae896da99cfa53fbf4c912c922d494bdce8110bc3b71e93623253caf6cd6cac70c68f6830008db39c20187c7b4a472969e32b4a46cd5b2200b81486c0990
- SSDEEP
  
  49152:5OjPW1qTKuk2YUy2R15n5wwVdSZ36Gl2bNvYSr+MQTQEAJu4kzB+uVHVIU6iBPb2:HU7Y32QSlufB+h+h2
Score

1^/10
behavioral23 behavioral24
- Target
  
  conf/remarksGhessWedelns/quinateTelangTawa/phonon4.dll
- Size
  
  554KB
- MD5
  
  cabed8178494a074cd39e5dc131f2076
- SHA1
  
  79759ec5c92853b73627da14e5e70f6c6c580a78
- SHA256
  
  a844ddfea7141d42f7cfeb37d9595b19575de4e3c2d880985cea926840b6b3a9
- SHA512
  
  1f8839c48e277db31563ee8e50112ae00751387e3cd3bcfce5f256700b18285efee7d7b73bf4f178f35529dfb098dfa75ac5cf2d2b3d3ce1d1d357a49d928df2
- SSDEEP
  
  6144:vxtEIl2tFT5iF3Jko/mTkxVbgDUbiuLVfOhahE+0yD8zHuitSnsvmTa2GQ2+oNDs:vxtatFT5i5j/jB1Ps8GI1obofz
Score

1^/10
behavioral25 behavioral26
- Target
  
  conf/remarksGhessWedelns/quinateTelangTawa/propertyeditor.dll
- Size
  
  1.4MB
- MD5
  
  bb07baf4c53747d6107635ee6d1b6407
- SHA1
  
  50a0da35d2afbf7b11c442151ba9158e50ad492b
- SHA256
  
  fbe5749a33cd3db34e4d98220fca485221e855d3c4b55ef34d4a4f4ce29e4834
- SHA512
  
  151fd3676808420ba63f413d455fd8c0465c107033431464647a36d13dbb91846d9af08f8966eed933bf66beb1a58452958bea5e4b3177d4c8c0e04e279be6f2
- SSDEEP
  
  24576:iOcn3au6lvA2SHMjAiudYK4xGB7X5B1YcC2uMGR0QkSsJmy761+EYxzwxs5n2wog:huIvh+95zYBn2QkDIy761+Eo86nGMN
Score

1^/10
behavioral27 behavioral28
- Target
  
  conf/remarksGhessWedelns/quinateTelangTawa/pulse_system.dll
- Size
  
  1.2MB
- MD5
  
  ae934b9dd5c4e8e9c760ee1114305f87
- SHA1
  
  7a34fc51d7dd8c70e8407185bb6e83a5d0f3a03d
- SHA256
  
  45832e0e984837d20f10a3ce59cb9034dad13a50b6334650239fe54cb00a6e31
- SHA512
  
  fc460f1af19f720c35c2e2888ec756b6d81769ffceb7552eaa1f4163570c0d61ec505fa9b0d9fc580472d6d11e1441cbab1c5573638fc0b3c9161f9a7a869997
- SSDEEP
  
  12288:jQnXarAbM1Qu3Kw4pYN6XfNS9A5clz7Qvku1Ln3+F7SuwAOdcyxTl0qkNWwmuWLg:jQIjg/PNS9Ae17Qdxn67Iqo0AuWLg
Score

1^/10
behavioral29 behavioral30
- Target
  
  conf/remarksGhessWedelns/quinateTelangTawa/rendersystemempty.dll
- Size
  
  1.3MB
- MD5
  
  4741904f1d6d77bca25f7ccd43691ede
- SHA1
  
  262e89745cce1ebd7a8e2667f6185a9e4c2f189e
- SHA256
  
  b9382932d4a980f3a42789ba4ed11671ba0b955be82d2a69bbcce75b7dfe31c3
- SHA512
  
  65533241a38c3ff062040654dde044f02558a47d1310fac2723741f7928d43333e58862419740456747260a461fde6886d0b88419b1ad38c5b1c80ebada16459
- SSDEEP
  
  24576:5bFRbhF8m7u6TrEpKYiMCTaEdJNUdC3B2jfTHNHoTSzTi0QW:5bFhhtnMCTaEdQu2jbNITqi0X
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

System Location Discovery

T1614

System Language Discovery

T1614.001

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

Credentials from Password Stores: Credentials from Web Browsers

Loads dropped DLL

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32