Overview

overview

10

Static

static

10

Redline st...52.dll

windows11-21h2-x64

1

Redline st...ib.dll

windows11-21h2-x64

1

Redline st...UI.dll

windows11-21h2-x64

1

Redline st...db.dll

windows11-21h2-x64

1

Redline st...db.dll

windows11-21h2-x64

1

Redline st...ks.dll

windows11-21h2-x64

1

Redline st...il.dll

windows11-21h2-x64

1

Redline st...on.dll

windows11-21h2-x64

1

Redline st...ls.dll

windows11-21h2-x64

1

Redline st...en.dll

windows11-21h2-x64

1

Redline st...ib.dll

windows11-21h2-x64

1

Redline st...er.exe

windows11-21h2-x64

1

Redline st...et.dll

windows11-21h2-x64

1

Redline st...ub.exe

windows11-21h2-x64

10

Redline st...rt.bat

windows11-21h2-x64

8

Redline st...ed.exe

windows11-21h2-x64

10

Redline st...b2.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Redline stealer 2024 Crack.rar

  • Size

    1.8MB

  • Sample

    241008-1j1fyatdka

  • MD5

    a37b7eef64ed7da2905f5e871429c148

  • SHA1

    6e28c93a6134e77b5ecec079eb05b12900635ae8

  • SHA256

    9885075a597dba7d0eed56f5809b20d9982cd305ea5f16668b33fffc83808827

  • SHA512

    1f217abc2bea46dcbc0c0627cef5614a4aae44d496dbc9fd95592260b8d8bfd700b6455792ba611582afe23e1fd6f484adb4d245540fcfc8e5e4dbb50eb52f83

  • SSDEEP

    49152:elg/Hr24CmUch6P41zWVqUSMRBP6wXg8JEm:emHr2mJjzW8U5RBnXgK

Score
10/10
asyncratredlinexwormrxxxdiscoveryevasionexecutioninfostealerpersistenceprivilege_escalationrattrojan

Malware Config

Extracted

Family

xworm

C2

newstartagain.servequake.com:7001

newstartagain50.duckdns.org:7001
Attributes
  • Install_directory

    %AppData%

  • install_file

    USB.exe

  • telegram

    https://api.telegram.org/bot7114416350:AAF9PJoo6_MYxNu2qBazQWSWsWE1Jb_-yh8/sendMessage?chat_id=6653386349

Extracted

Family

asyncrat

Version

AWS | RxR

Botnet

rxxx

C2

rxrdark8855.servebeer.com:6606

rxrdark8855.servebeer.com:7707

rxrdark8855.servebeer.com:8808
Mutex

AsyncMutex_6SI8OkPnk

Attributes
  • delay

    3

  • install

    false

  • install_file

    System.exe

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      Redline stealer 2024 Crack/Libraries/Bunifu_UI_v1.52.dll

    • Size

      219KB

    • MD5

      5eca94d909f1ba4c5f3e35ac65a49076

    • SHA1

      3b9cb69510887117844464a2cc711c06f2c3bd19

    • SHA256

      de0e530d46c803d85b8aeb6d18816f1b09cb3dafefb5e19fdfa15c9f41e0f474

    • SHA512

      257a33c748dfb617a7e2892310132fd4abf4384fb09c93a8ac3f609fd91353a4f3e326124ecc63b6041ac87cf4fcc17a8bdca312e0c851acd9c7a182247066ea

    • SSDEEP

      6144:o1uzZh5rYAuBjtnkbxuzZ7Mg3i3hJtm4Fw2hHQHcHKaPUb:Ku1higb4zZR+9mcHX

    Score
    1/10
    behavioral1

    • Target

      Redline stealer 2024 Crack/Libraries/GuiLib.dll

    • Size

      50KB

    • MD5

      eaf9c55793cd26f133708714ed3a5397

    • SHA1

      1818aa718498f0810199eca2b91db300dc24f902

    • SHA256

      87cfc70bec2d2a37bcd5d46f9e6f0051f82e015ff96e8f2bc2d81b85f2632f15

    • SHA512

      b793ae1155bd7be247b42c0fc1bc53e34cf69e802c0e365427322dac4b5cc68728d24255a717aaffa774b4551a6946c17106387cff4cfdb6ce638d8a4ecab4d9

    • SSDEEP

      768:CXBWBHqfkC/Wcd1V4+8dUQeEqUNVugMP26lunzWWeddVV:CXiWJ16+8dxeAVuAWWed9

    Score
    1/10
    behavioral2

    • Target

      Redline stealer 2024 Crack/Libraries/MetroSet UI.dll

    • Size

      436KB

    • MD5

      f13dc3cffef729d26c4da102674561cf

    • SHA1

      5f9abff0bdf305e33b578c22dada5c87b2f6f39c

    • SHA256

      d490c04e6e89462fd46099d3454985f319f57032176c67403b3b92c86ca58bcb

    • SHA512

      aa8699c5f608a10a577cb23715f761ee28922c4778f5ea8a5ec0a184e1143689fba5a08003fd5cbf3c7dd516eac1fddc8c3f9efa1d993ba1888e87b70190c08f

    • SSDEEP

      12288:oE4n7EmAqNv8MkCvzMTlCPRSoWzz7QYaIHtMhPrYDK:oE4n7xAqN0MkCvzMTlCEoDYFH2eDK

    Score
    1/10
    behavioral3

    • Target

      Redline stealer 2024 Crack/Libraries/Mono.Cecil.Mdb.dll

    • Size

      42KB

    • MD5

      dc80f588f513d998a5df1ca415edb700

    • SHA1

      e2f0032798129e461f0d2494ae14ea7a4f106467

    • SHA256

      90cfc73befd43fc3fd876e23dcc3f5ce6e9d21d396bbb346513302e2215db8c9

    • SHA512

      1b3e57fbc10f109a43e229b5010d348e2786e12ddf48a757da771c97508f8f3891be3118ff3bb84c3fd6bfa1723c670541667cdbf2d14ea63243f6def8f038cc

    • SSDEEP

      768:Cr5EYZep98C87KHeBUZwrEF7b+gxfM3AkMus4iWJq9F4CRIcZwMRTIzyAt9U2:Cr59g98C87KHeBUbwgKirbdwMRTzAt9l

    Score
    1/10
    behavioral4

    • Target

      Redline stealer 2024 Crack/Libraries/Mono.Cecil.Pdb.dll

    • Size

      87KB

    • MD5

      6cd3ed3db95d4671b866411db4950853

    • SHA1

      528b69c35a5e36cc8d747965c9e5ea0dc40323b8

    • SHA256

      d67ebd49241041e6b6191703a90d89e68d4465adce02c595218b867df34581a3

    • SHA512

      e8ae4caf214997cc440e684a963727934741fd616a073365fa1fc213c5ca336c12e117d7fa0d6643600a820297fc11a21e4ac3c11613fba612b90ebd5fc4c07e

    • SSDEEP

      1536:fU2qJ+RazRt/Kc4oJiOxFR4NdJF0/RfhF46HAoYKHgPzpS6w7fa1C9r:s2MRtrfrR+Pe/xAiAzpQ7y1C9r

    Score
    1/10
    behavioral5

    • Target

      Redline stealer 2024 Crack/Libraries/Mono.Cecil.Rocks.dll

    • Size

      27KB

    • MD5

      c8f36848ce8f13084b355c934fc91746

    • SHA1

      8f60c2fd1f6f5b5f365500b2749dca8c845f827a

    • SHA256

      a08c040912df2a3c823ade85d62239d56abaa8f788a2684fb9d33961922687c7

    • SHA512

      7c47f96e0e7dfaebb4dccf99fa0dda64c608634e2521798fd0d4c74eb2641c848fadad29c2cd26eb9b45acdfef791752959117a59e1f0913f9092e4662075115

    • SSDEEP

      384:E0ve8JOuJTiC7n2NwxEXCnjB+RXcMeDz8PmR1ugLoaeuLMBG9UphJAprjEduFLHJ:E+meiCyrXOwS8uRssveum1peFLHFBbO

    Score
    1/10
    behavioral6

    • Target

      Redline stealer 2024 Crack/Libraries/Mono.Cecil.dll

    • Size

      337KB

    • MD5

      7546acebc5a5213dee2a5ed18d7ebc6c

    • SHA1

      b964d242c0778485322ccb3a3b7c25569c0718b7

    • SHA256

      7744c9c84c28033bc3606f4dfce2adcd6f632e2be7827893c3e2257100f1cf9e

    • SHA512

      30b3a001550dca88c8effc9e8107442560ee1f42e3d2f354cc2813ae9030bf872c76dc211fd12778385387be5937e9bf172ea00c151cab0bca77c8aafdd11f7d

    • SSDEEP

      6144:jFzzF5VOCxfiKKhsw4NiL0XRzx9WoCklyus:BdfiKI4RzWSyu

    Score
    1/10
    behavioral7

    • Target

      Redline stealer 2024 Crack/Libraries/Newtonsoft.Json.dll

    • Size

      683KB

    • MD5

      6815034209687816d8cf401877ec8133

    • SHA1

      1248142eb45eed3beb0d9a2d3b8bed5fe2569b10

    • SHA256

      7f912b28a07c226e0be3acfb2f57f050538aba0100fa1f0bf2c39f1a1f1da814

    • SHA512

      3398094ce429ab5dcdecf2ad04803230669bb4accaef7083992e9b87afac55841ba8def2a5168358bd17e60799e55d076b0e5ca44c86b9e6c91150d3dc37c721

    • SSDEEP

      12288:Lf9WGsSVSM2mxL2nRiOr8gUckc6V/g2GhBzj05cH:7XNL2PVh6B+Bzjmc

    Score
    1/10
    behavioral8

    • Target

      Redline stealer 2024 Crack/Libraries/RedLine.SharedModels.dll

    • Size

      29KB

    • MD5

      bee2969583715bfa584d073ac8d98c42

    • SHA1

      37d1221ce6bb82e7ad08fd22bd13592815a23468

    • SHA256

      5f92db78e43986f063632fb2cfafdce73e5e7e64979900783ca9a00016933375

    • SHA512

      5c139b81a51477d8362be2bf72b9f2425d54ef67b4ad715fbe8aa11f8a57435abb7f23a7ecaee18611e559d1006c0df5dd3427b6e7c3caed38d8cffd79e4bb1c

    • SSDEEP

      768:OqYS91uYM7KwU+QJDqnCz2iiMkM16dTS:OqYSqfOwTgDqnLZMn16NS

    Score
    1/10
    behavioral9

    • Target

      Redline stealer 2024 Crack/Libraries/System.Drawing.Pen.dll

    • Size

      2.7MB

    • MD5

      1d4e91345a76c90e0849c9389e66fe8c

    • SHA1

      744393f64d9f95a987605ac14b721dbbc985901c

    • SHA256

      1d820d1c1e9d661603cd32177fb128c9a6844fe2492b6fbb3120bd37553663b0

    • SHA512

      e0c5fa5c9141e139d529b80058c1ff8fb252116076c57fbea106ee2500cb23d3a91b76f6348bc0bcf465acde510463352a960eefd29198f4068661342cbd28b8

    • SSDEEP

      3072:tblKLY+hugA/JMGI+3TBb3K65tKMFL6uOqKXyeHD3Q6b7cvWUevzml01xvS0yiEt:t

    Score
    1/10
    behavioral10

    • Target

      Redline stealer 2024 Crack/Libraries/Vestris.ResourceLib.dll

    • Size

      76KB

    • MD5

      944ce5123c94c66a50376e7b37e3a6a6

    • SHA1

      a1936ac79c987a5ba47ca3d023f740401f73529b

    • SHA256

      7da3f0e77c4dddc82df7c16c8c781fade599b7c91e3d32eefbce215b8f06b12a

    • SHA512

      4c034ff51cc01567f3cb0796575528ca44623b864eb606266bcf955a9259ed26b20bec0086d79038158d3a5af2ada0a90f59d7c6aae9e545294fe77825dbe08b

    • SSDEEP

      1536:CSSYikTF0Z+sFGu11tIcyI1MtI9eDG3fL7:CJYD0Z9FGu11teI1r9ea3

    Score
    1/10
    behavioral11

    • Target

      Redline stealer 2024 Crack/Libraries/builder.exe

    • Size

      11KB

    • MD5

      de6f68cdf350fce9be13803d84be98c4

    • SHA1

      e37ec52f68ab48344579ccbfc4d2d90d3073c808

    • SHA256

      51bbc69942823b84c2a1f0efdb9d63fb04612b223e86af8a83b4b307dd15cd24

    • SHA512

      0344b764dc0a615d5a0bbb24ba442bd857d69fd3b102f243dafc9a9ae8776f6ad98f9af2cf680effaa5807451e310232224264ce9fe1bbc4a5f826833705ee8a

    • SSDEEP

      192:z+cfd5PJQCXA7X+k6bCcEOGtti8eXyfktOOeUpyfRM:z/d5PJQCXsXk2cFGK8WyfkIOeUsfR

    Score
    1/10
    behavioral12

    • Target

      Redline stealer 2024 Crack/Libraries/protobuf-net.dll

    • Size

      274KB

    • MD5

      d16fffeb71891071c1c5d9096ba03971

    • SHA1

      24c2c7a0d6c9918f037393c2a17e28a49d340df1

    • SHA256

      141b235af8ebf25d5841edee29e2dcf6297b8292a869b3966c282da960cbd14d

    • SHA512

      27fb5b77fcadbe7bd1af51f7f40d333cd12de65de12e67aaea4e5f6c0ac2a62ee65bdafb1dbc4e3c0a0b9a667b056c4c7d984b4eb1bf4b60d088848b2818d87a

    • SSDEEP

      6144:M+mGOqp3p9xOhav/ZcaiysIN5UGr8fnd0OJNGyo:JOqp3bkhUZcbyP51rACGNGyo

    Score
    1/10
    behavioral13

    • Target

      Redline stealer 2024 Crack/Libraries/stub.exe

    • Size

      141KB

    • MD5

      9c44ce0cc507f539a3b6aa9c3671f092

    • SHA1

      8f2ff23438e4e3e4c19537e90688f21cbe189908

    • SHA256

      7b6c6588d3bddb06a0efbbf237cf501c027dac8bd2b82c6835e0a2c8bdfae842

    • SHA512

      d0496f88e659961cd29359e15002e32550e00897ab8c4cd7079ad928582b70ef82a0d110378cca8a8404cc3e14f7769cd68a925686a577a726101bc04d633ce3

    • SSDEEP

      3072:jJq4D2X3vAY+9ZCXDLcw9XFTb3R35dINX9r0DMi:jJq4Dog7gVdFTb3RDINN

    Score
    10/10
    redlinediscoveryinfostealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    behavioral14

    • Target

      Redline stealer 2024 Crack/OpenPort.bat

    • Size

      94B

    • MD5

      cf1cc90281e28cee22dce7ed013c2678

    • SHA1

      2f213a71b76db3e51ad2d659f84dc1f3f90725fb

    • SHA256

      84399f8bccefa404e156a5351b1de75a2d5290b4fddd1754efb16401ed7218ef

    • SHA512

      2b61c1da7cc66506537719cedab82f172d2ac1af4df69513ba64507a5ed67989974f81791faf08c5855580df53f564600381be34c340b825f1f01919948921e1

    Score
    8/10
    evasionpersistenceprivilege_escalation
    behavioral15

    • Target

      Redline stealer 2024 Crack/RedLine.MainPanel-cracked.exe

    • Size

      3.6MB

    • MD5

      1122e505e4dc11a064b035232c7cd140

    • SHA1

      25e08324adf624f0eeee886d469d5d81274e2306

    • SHA256

      1f43ce33c386930eb4030314e7ed779c084925f3d5a5fa62b1e8667f8dfa8b1f

    • SHA512

      5157a74aa1ba57a4b4b24f9de69e801ad47c1e76ca02f7e446d8a27a18453b07c3a128ff7e9170e5d71e1f6231674935e4ae8abc4f5b09cd1bbdf76ba4a0aadf

    • SSDEEP

      384:oM72IF/6Gnv9oLeJDBcKbx/hbRVXrninfGjED66jYNJUgDD4QFEPMg/viETnF8xF:oM62esSKb7VVniKYcJrP48EH/v77At

    Score
    10/10
    asyncratredlinexwormrxxxdiscoveryexecutioninfostealerpersistencerattrojan

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers written in C#.

      ratasyncrat

    • Detect Xworm Payload

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    • Xworm

      Xworm is a remote access trojan written in C#.

      trojanratxworm

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

      execution

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral16

    • Target

      Redline stealer 2024 Crack/bb2.exe

    • Size

      633KB

    • MD5

      87c24b4751f5fd7f48b2b40f0dc9f2bd

    • SHA1

      45ba5f2b3005eca9bae687f2880fb6a6738f6486

    • SHA256

      5e3de40ed3237c339f675b9f3ed98b6d9eab4c4274ff78bbc4e0439f625e77f8

    • SHA512

      9b64e529bdc887bd63eb69e4e689737c78a9bf3c1189a1c4fd38a550b2e303e6f6c69231321a26f74693cc6fc62de8175c9b7104781163ed71544d657457e5f9

    • SSDEEP

      12288:hhNkz1XpXpXpXpXpXpXpXpXpXpX7t4umBNOuihNynH91gX:h22Mnynd

    Score
    10/10
    redlinediscoveryinfostealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • RedLine payload

    behavioral17

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Disable or Modify System Firewall

1
T1562.004

Modify Registry

1
T1112

Credential Access

Discovery

Browser Information Discovery

1
T1217

Query Registry

2
T1012

System Information Discovery

2
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks