Overview (score 10)
Static (score 9)

Per-environment analysis tabs (sample, environment, score badge):

Sample                  Environment          Score
devًexec.zip            windows7-x64         3
devًexec.zip            windows10-2004-x64   1
ReadMe.txt              windows7-x64         1
ReadMe.txt              windows10-2004-x64   1
devexec.zip             windows7-x64         1
devexec.zip             windows10-2004-x64   1
Bootstrapper 1.07.exe   windows7-x64         10
Bootstrapper 1.07.exe   windows10-2004-x64   10
autoexec/test.lua       windows7-x64         3
autoexec/test.lua       windows10-2004-x64   3
autoexec/test2.lua      windows7-x64         3
autoexec/test2.lua      windows10-2004-x64   3
bin/api.dll             windows7-x64         3
bin/api.dll             windows10-2004-x64   3
locales/af.pak          windows7-x64         3
locales/af.pak          windows10-2004-x64   3
locales/am.pak          windows7-x64         3
locales/am.pak          windows10-2004-x64   3
locales/ar.pak          windows7-x64         3
locales/ar.pak          windows10-2004-x64   3
locales/bg.pak          windows7-x64         3
locales/bg.pak          windows10-2004-x64   3
locales/bn.pak          windows7-x64         3
locales/bn.pak          windows10-2004-x64   3
locales/ca.pak          windows7-x64         3
locales/ca.pak          windows10-2004-x64   3
locales/cs.pak          windows7-x64         3
locales/cs.pak          windows10-2004-x64   3
locales/da.pak          windows7-x64         3
locales/da.pak          windows10-2004-x64   3
locales/de.pak          windows7-x64         3
locales/de.pak          windows10-2004-x64   3

Resubmissions
29-09-2024 16:03  240929-thbymatfrh  (score 10)

General
Target: devًexec.zip
Size: 57.4MB
Sample: 240929-thbymatfrh
MD5: c05b7d9d580d38dbdcd621c982c57357
SHA1: 3d5650f018436d67b2a52da38e7828bbf4a020f8
SHA256: 8c6b5434123f98046508c84022b07393cffd6749270f69e6432bbf184b08d4a6
SHA512: 3e80dd55fb650cfc9c1925de0f00194b8a77ee7287036b16b7ef51a316c1cb4f14d250577b24047d20901a371df0a76becd51d4a5e0b338b7e2f51141540a4ef
SSDEEP: 1572864:oIL+InvQwN3GEgFg0md2IfEJZZoXmJWK0Vms7KxC/CsPb:f+iYwJCFgPdNqZZoXmJWK0V5l
Behavioral tasks (task, sample, resource):

behavioral1   devًexec.zip            win7-20240903-en
behavioral2   devًexec.zip            win10v2004-20240802-en
behavioral3   ReadMe.txt              win7-20240903-en
behavioral4   ReadMe.txt              win10v2004-20240802-en
behavioral5   devexec.zip             win7-20240903-en
behavioral6   devexec.zip             win10v2004-20240802-en
behavioral7   Bootstrapper 1.07.exe   win7-20240708-en
behavioral8   Bootstrapper 1.07.exe   win10v2004-20240802-en
behavioral9   autoexec/test.lua       win7-20240903-en
behavioral10  autoexec/test.lua       win10v2004-20240802-en
behavioral11  autoexec/test2.lua      win7-20240903-en
behavioral12  autoexec/test2.lua      win10v2004-20240802-en
behavioral13  bin/api.dll             win7-20240729-en
behavioral14  bin/api.dll             win10v2004-20240802-en
behavioral15  locales/af.pak          win7-20240903-en
behavioral16  locales/af.pak          win10v2004-20240802-en
behavioral17  locales/am.pak          win7-20240704-en
behavioral18  locales/am.pak          win10v2004-20240802-en
behavioral19  locales/ar.pak          win7-20240903-en
behavioral20  locales/ar.pak          win10v2004-20240910-en
behavioral21  locales/bg.pak          win7-20240729-en
behavioral22  locales/bg.pak          win10v2004-20240802-en
behavioral23  locales/bn.pak          win7-20240708-en
behavioral24  locales/bn.pak          win10v2004-20240802-en
behavioral25  locales/ca.pak          win7-20240903-en
behavioral26  locales/ca.pak          win10v2004-20240802-en
behavioral27  locales/cs.pak          win7-20240903-en
behavioral28  locales/cs.pak          win10v2004-20240802-en
behavioral29  locales/da.pak          win7-20240704-en
behavioral30  locales/da.pak          win10v2004-20240802-en
behavioral31  locales/de.pak          win7-20240708-en
behavioral32  locales/de.pak          win10v2004-20240802-en
Malware Config
Extracted: redline
185.196.9.26:6302
Targets

Target: devًexec.zip
Size: 57.4MB
MD5: c05b7d9d580d38dbdcd621c982c57357
SHA1: 3d5650f018436d67b2a52da38e7828bbf4a020f8
SHA256: 8c6b5434123f98046508c84022b07393cffd6749270f69e6432bbf184b08d4a6
SHA512: 3e80dd55fb650cfc9c1925de0f00194b8a77ee7287036b16b7ef51a316c1cb4f14d250577b24047d20901a371df0a76becd51d4a5e0b338b7e2f51141540a4ef
SSDEEP: 1572864:oIL+InvQwN3GEgFg0md2IfEJZZoXmJWK0Vms7KxC/CsPb:f+iYwJCFgPdNqZZoXmJWK0V5l
Score: 3/10

Target: ReadMe.txt
Size: 18B
MD5: 2b5008776d69d3754e616569a9d010b6
SHA1: a0b599072e28736498ad41f7871af997a5954867
SHA256: fe2a4982aae40e534e98c36b78de508398d1da0b80d2b637f6aa091b3e09e438
SHA512: dade16b59383b9cb44b23de8127b948bb25d0e78f6ddf7d45867b30ab86322e89b534776a70e5db0481e885b9980343142f5222764ce61743a208ef49f02bb78
Score: 1/10

Target: devexec.zip
Size: 57.4MB
MD5: 368b5f960053f96ec205c4d837e446fc
SHA1: 2c9897f27d72a6f421a9993ae2ee4952a6a484be
SHA256: 20a07bd8b8ec2f4b795d57486b7afa827746dd269ea0cb68bb50b651da7140af
SHA512: f8e0b1484e4b52dab7de77ff476dede5246e70efaf357f59607771fefc843e445e33b79307610f0bf07371359d9f42082f1ab3f9d56cf353835c96d6c1a20e80
SSDEEP: 1572864:TIL+InvQwN3GEgFg0md2IfEJZZoXmJWK0Vms7KxC/CsP+:u+iYwJCFgPdNqZZoXmJWK0V5A
Score: 1/10

Target: Bootstrapper 1.07.exe
Size: 310KB
MD5: 66e2659120cbf66a1d60e63e76c941d6
SHA1: d38f3933adb3e70a4f4878fd9388d1f6941981dc
SHA256: 816b9928538d75d5eabc68327879e3e205bfe820495a20fa06696865282be378
SHA512: 734271b93cbac615b2b8811c2848bbb5b8818414292e5f8261c45ee54dd3f1310002441193e76c83b686ca16be09cc1b0a3d948533ac1b6a23568cfe5018c8c2
SSDEEP: 6144:T6hThwAw9HYOzx6BsO/HxISYVFOFM5gdrOpCubFQEXYYSjxSHZbk:T+tmHYuO/RxYy650OpCaF8YSlSHZbk
Score: 10/10
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext

Target: autoexec/test.lua
Size: 34B
MD5: f051c998ef025a1ccd4f6f7abe16e55e
SHA1: 2e75e1237531ae3c0647c0fad7cf6ae1687d0e99
SHA256: 601c187ff3410f7c71258bd29c0e48a9f40a046a745093f71e7172decf0f0eae
SHA512: 748cb431b3a2208c07187c80a3c5b5174b2c536fb056e7b48646875cbd4392225da4aaaaf376f16ca79ab854245e7638cf02103f0913abff55e005da482d498a
Score: 3/10

Target: autoexec/test2.lua
Size: 11B
MD5: 701bf4a4743e5e0361e26999881a5ce9
SHA1: f34d33bcb5c13eae1c15faddc6054e479f74aa28
SHA256: c2d0a5e0790d97a015387a995c0d0b5eb3e88138466586fc980787c9b1731eb8
SHA512: 8c0eedc5dca108eb9682239164cba3c70ba4c12e4520a9bdfa8efce0416ce51534fcea2ef4dcd7ea2dfc684358a064233165b0bda5287892de2014a1f2b21c6f
Score: 3/10

Target: bin/api
Size: 18.7MB
MD5: 88fd7dbf04bcf75123d02009aea3f7f7
SHA1: cecf16bdad71e54afc941179ea2b7438a04efa1d
SHA256: 01481b9a862936fbc090bda4033f22d7ffa5a7bfe5dc32f47c7794332b34eec4
SHA512: 2c6298b5adf91b51f0042d48e0846f5b196d52a588fd4fc577bf19ec26ad8e547382279a15f8bf131b08b0d7c140534aff25f82d5e8998818b812e72c9493917
SSDEEP: 393216:hqA/D2IIyzg8DolBo6i0KoI6Di42sC1/syU3DXNs6hq8:hqcaZyV0fC1JOpjhq8
Score: 3/10

Target: locales/af.pak
Size: 494KB
MD5: c9a3eae18f5c5b237a2bd4fa5fe3cd6e
SHA1: 0457bb0902682e4b036b61a79aa54d20f6bc9d5c
SHA256: 1c4b71a30dbb98d19d6cb2704ff2ae2ea72f3a4d117d45b96bfaf4ae0e66df9e
SHA512: 6db4f90a31d3bc01474fdc45743375f03aa0eec2cf05354e3dbba76f475224cacf2efc58357da12d502c21a0650cc0012c2cce7bf449b2d9efcf5d21de44f99c
SSDEEP: 12288:KA04L9o3w7irJGiCJYR2+H2JynyaI4In6ro0v7ENgI2CRwHM+2rs3e0lOX5g6tlj:jzL9oA7eJdsYR2+H2JynyaI4In6ro0vw
Score: 3/10

Target: locales/am.pak
Size: 800KB
MD5: fba57d67d918b05534808ec5a3bb41ea
SHA1: b2a63753e3d827a99953c83bf12027f2b417497b
SHA256: 931408a67d7e87366d4493d39551a6acb750ffb13bf04cf6bfb51e2a31993ca0
SHA512: c35345c0e85ea1e4e768651482c5f78911e0b1328cbcd3d400d503d97f46bddeddf9a0ee9eb47b974970f2e53ff37d24d65c82161ad5aca0dd857056f9d8f6db
SSDEEP: 24576:/LjTZRfxxF1GCj+amtz1L5QJgAHVHB7yPRo:Dc5W
Score: 3/10

Target: locales/ar.pak
Size: 879KB
MD5: 33d9222143484fd0d5c2bfd5dbfdb3fe
SHA1: 2dc62d9e87e4ea24f4c83cbac72bfa823075fe99
SHA256: 11e93150d0230c2da504bba3248834d4526a74b61a9bcc05c0ef3ace255da640
SHA512: aa3e9002e4b22a18acfe4f0b18689d46cc132ddaf8c5135c7dfbdac54582bbac707541fe699a5a70115c378c3002da67852e7da06ff3ac24915a2841db8f5088
SSDEEP: 12288:Z97l1BzEw/0/R/mARz4fvPUMxRjkYG5XN0W3ECMmXA:Z9pWBz5B3O
Score: 3/10

Target: locales/bg.pak
Size: 912KB
MD5: ee5d383d9ff3bf05fe62adbd95c8e948
SHA1: de4bcd0d54b303a39c72f447161a411f763e160d
SHA256: 8b8bcb2b886a39e4c00e40e3183200258d51f382c473b38dc9217e41595e59ce
SHA512: 122b5e7e78c5ac32d8e97c63d11b9892b2795e78de8c4ae04efe097a8b25b454bc3945c48ff8f298ab51adddef36d7b2901967a54d1e8ed241f0fc907400364f
SSDEEP: 24576:ZOCBfqWPnLYazQkEC9U3VbvcHU373ZUH3aAKUGVDoIglumpod2OQ5vGF1YoxaQ51:ZOCBfqWPnLYnWU3VbvcHU373Z83aoGVd
Score: 3/10

Target: locales/bn.pak
Size: 1.1MB
MD5: 8aa74df7ca8dd365747b9e50a91723e5
SHA1: 04b5ff5ee43a0479a6a48371ebf68258d94e5ee1
SHA256: da53d3efb3cc3cdb6d5aef2570df7da4a4fd18df85bea3e00ac5af73094856c0
SHA512: aef24a184a794241f38963e5040a4cafeeddbf6ad568b6fcf321d82c30b79270ca6a4680bf44aa82c7c7176f9896bbe8e3600b5544274090794ea728d9364e09
SSDEEP: 3072:vxQAzKKazemwp4q7r0Escl4oHFcq/j90Yuf1i/QfqTNl2SPRRBbJ/QL5172DbNJO:RKKazEOqbsclzOPqTNISPRRBb45Ob6
Score: 3/10

Target: locales/ca.pak
Size: 564KB
MD5: 31c1d66940122b22c684269e7c68e61f
SHA1: c7c549cc99114dc68d56f169c31e5d97939bd931
SHA256: eaebcf24823a4e2885ba0aa287a0119a7d1e3d38a0596b261d23111861f8116c
SHA512: 1756b13fdac39ad28f9c69f18684dbc7f463e3a11e8a1432ecb53816da74d5dfb4d0ba281aad00fdab2059089fd4dc273f1b8c085e49216f1285fae962609437
SSDEEP: 12288:IbjYwR3uzU37hRE1Dvkd3k5PqF4N3Mw2juwHzejm0t3lvybrTsn/RCHWIsjc4jlE:IbjYy3u4X7dPARIVJPMNfXI8C5Rhkil
Score: 3/10

Target: locales/cs.pak
Size: 572KB
MD5: 2d09d3ec0ea3db04075bada679ead06a
SHA1: c0890988ff6386566e30854acfc6ac43e1af85f1
SHA256: e1dbf1409f09b14fca2f4acc702c1bfc13c69cf9ff503278457a15ca08e2799a
SHA512: b2a5aa0399f6c0506ea3105edff2ecfeb0647cdc8dfb460291ccdcdd50380075e1e869a36f63af150f27aa77916f378375eaa217092bc89534c1742eb839c8a4
SSDEEP: 6144:EqTUqwuqZ0inoARQ0nDA+AO5mDzr4/DNOOAzSBAmPy68QDsU:EWC6ooAeA55mDzr4/DNOrzS+mPr
Score: 3/10

Target: locales/da.pak
Size: 521KB
MD5: 3e67fcabaf91297a33af1da4ad928e19
SHA1: 339c9ba093b78d8488bd206af72c096cf75b02f1
SHA256: 4545d8d5f566d2dac7214436dbf8a1340e262407461d9947fd226c338c886800
SHA512: 6b033711ba19ff9be2ecc7d4475351878b8327f5ae44f3166d011dacae38d6d1cdcb0b3284f4512fe716707b82f6e927d773dcecf8de9316e9db24971a1a0812
SSDEEP: 6144:Hyf2mHalMBVfr2YzVWlsA5hbqWj1se8jjwlRfxJwe7obR+uaFIV51beM57otd44R:4HaICGYq5jqWB516M23
Score: 3/10

Target: locales/de.pak
Size: 561KB
MD5: dcc3a9f85c010fa19d77bc61760ae970
SHA1: dd8a3102980d63392502aa54265b2de9acb953bc
SHA256: 7d2c39f892bb39130759ad59a33b7b2a9ab71687c87976a347c36c136922d4d6
SHA512: 7e4ed8fe97e731493ec2f4e1896a62753196f4cf1f43af773696f33934ef9f5cf357ade1ccc61a0c3c8a81eb8253849001621ef6836baccdbcc824cc72d89b16
SSDEEP: 12288:lFS6fd8+frWlVhC3K7Up0gXajTlyt50UnvoCIz:lFVbfuVhC3K7Up0gXajZq5LACIz
Score: 3/10
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (1)
  - Credentials from Web Browsers (1)
- Unsecured Credentials (2)
  - Credentials In Files (2)