redline

Sharing

Copy URL

Twitter E-mail

General

Target

BооtstrарperV1.18.zip
Size

59.5MB
Sample

241013-e4bsestcjj
MD5

1b4ef0d12daa39fd897de68f4518ec9f
SHA1

0d497101be7b7df328002fea7199a86c1578265b
SHA256

1f274b51237c717634a5ea765b2ef2db2f9625ddfdd5980dff45150c10f769bd
SHA512

0aff2ecf68b9bf0bacd00743dcfad2f65f3dc95a08a33aa8dce87a65edda5bc980821299a8ce2ad3bc1c54c6942d6a301adf2bdf12e79e954c359c06203b1ab3
SSDEEP

1572864:9kxHc7oAWLbGf3OH0Gtl2KGNyg9FkStS0PZ5Pj8yuLlopNzs:exHcYbaRGtlUt9WW81LOpN4

Score

10^/10

Malware Config

Extracted

Family

redline

185.196.9.26:6302

Targets

- Target
  
  Executor/Microsoft.Web.WebView2.Core.dll
- Size
  
  557KB
- MD5
  
  b037ca44fd19b8eedb6d5b9de3e48469
- SHA1
  
  1f328389c62cf673b3de97e1869c139d2543494e
- SHA256
  
  11e88b2ca921e5c88f64567f11bd83cbc396c10365d40972f3359fcc7965d197
- SHA512
  
  fa89ab3347fd57486cf3064ad164574f70e2c2b77c382785479bfd5ab50caa0881de3c2763a0932feac2faaf09479ef699a04ba202866dc7e92640246ba9598b
- SSDEEP
  
  12288:6CxswUBor35JrpQ322zy+uFKcDoRFNCMmeA+imQ269pRFZNIEJdIEY0lxEIPrEIE:6Cbmv
Score

1^/10
behavioral1 behavioral2
- Target
  
  Executor/Microsoft.Web.WebView2.WinForms.dll
- Size
  
  37KB
- MD5
  
  8153423918c8cbf54b44acec01f1d6c2
- SHA1
  
  f0c3c5412b809725e6d4809230adb15cc7d83ad2
- SHA256
  
  5696366f7458da940cc986dc5d3d4549a2368512acd769014ecbb07b47bd88b4
- SHA512
  
  f3dc771e37c71479d332142ec5a9c5c3f39ca71937f595a0f7482ae5aaaafd92e932efc9b0363d4511d547f3c8b2e0497ebbf8356e7d07fc344f4e5715b0ee87
- SSDEEP
  
  768:1sjCEEHJ9l0EeFZ2sxIHzttZDgcEST3p4Jjrjh2jJ+SG2au8vxJKia5/Zi/ZGQKk:wCEB15azttZDgcEST3p4JjrjaJ+SG2a/
Score

1^/10
behavioral3 behavioral4
- Target
  
  Executor/Xeno.exe
- Size
  
  940KB
- MD5
  
  8cd91466705ef28b8a6d182630c60b50
- SHA1
  
  8c0c79da29454ceb0735a118c44ae13d75e6f005
- SHA256
  
  8ca88570597b59e3b7130ce6e5ffe5a238f053abd8d3b65ec4288ca8cd87a8f7
- SHA512
  
  56341bb425ff3e30a7aa4319cbd916c2f1ff6d61aa3a9c8d8c5375f8df27711cac4474b1cf646afe19e38adb2aabd4a4c96ac0009d4d448d1c2dd9e79c18088f
- SSDEEP
  
  24576:8hkCmQkV1bP02HbRX2AZj6egjU9TX28kptc0tCqE:86CvkV1bP02HbGegjKWPconE
Score

10^/10

redline discovery infostealer spyware
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral5 behavioral6
- Target
  
  Executor/locales/bin/api
- Size
  
  18.7MB
- MD5
  
  88fd7dbf04bcf75123d02009aea3f7f7
- SHA1
  
  cecf16bdad71e54afc941179ea2b7438a04efa1d
- SHA256
  
  01481b9a862936fbc090bda4033f22d7ffa5a7bfe5dc32f47c7794332b34eec4
- SHA512
  
  2c6298b5adf91b51f0042d48e0846f5b196d52a588fd4fc577bf19ec26ad8e547382279a15f8bf131b08b0d7c140534aff25f82d5e8998818b812e72c9493917
- SSDEEP
  
  393216:hqA/D2IIyzg8DolBo6i0KoI6Di42sC1/syU3DXNs6hq8:hqcaZyV0fC1JOpjhq8
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Executor/scripts/Dex.lua
- Size
  
  410KB
- MD5
  
  e37374a8aa47cf8ac6d56901436e199f
- SHA1
  
  5d62f5db07614f3b548702faa4f7a06e235c9b12
- SHA256
  
  47cc5f1102fda0eba76b9570a1b943326f2170f270d5280e1f8dd5723c43fc14
- SHA512
  
  efee19e8109a48d49f099dd1767c722935123c4ea4d6e0ab905703e16fcb7196d31c45826d4398a5b7249e686ca90db3f671416909ce3440d4709edf1bd55775
- SSDEEP
  
  6144:X+B5OQiY5mqWM4Kg9HHj/B7TjmmDLmogQcEZVTkJuMap1PBPY9ZSnJm7xoiZDDHQ:RQ90qWM4Kg9HHj/B7TjHKi
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  Executor/scripts/Infinite Yield.lua
- Size
  
  464KB
- MD5
  
  b7fd97a54c618754ceab75e8a5c2de10
- SHA1
  
  feb96643a76f785177fa4e841b92e6a0af364180
- SHA256
  
  784f1c6ac0d4a3abdce59e09b0e9b52da6c426136cf0bfd775445e8194b77ddc
- SHA512
  
  078f305142e6b2d3300d249ba305897374e0d5a78e6db9ac902370b1eee433ee83322568735b3d82706fd1fc117dcbd3fe60ad5c2d8cada8deb36b2de6da7921
- SSDEEP
  
  6144:OkrLwE7/2eTtOWGhzWtRNY9gIBuQulO7oFo5n4Xd9wDhoQhGZtUi8/1j304U48uH:OkrLwE4WG6NYQFOn4Xyipo
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  Executor/scripts/UNCCheckEnv.lua
- Size
  
  28KB
- MD5
  
  b76726d10354343d9af5c268e40b47c4
- SHA1
  
  7103c78071be0c65c8b3a217168cf7909aef748e
- SHA256
  
  e8d53406c916b8e827c65c8f00d8a18b1379e693fd0379e8116e749bdf860cf5
- SHA512
  
  5caffd8a06058e890fe4ae35430539281cf53fa791221189f0f6660778a83fa42cc3e5374ce06ff325420d92006c2bfe1003f1486714e889964075da66b046eb
- SSDEEP
  
  768:JopEYRzOKMrGrE7BWf9r+T+f9TkIuP4hUUsbU8FqQFBF5UXzRFEe3cSG5Sg/i5rx:JEKcZuy9p
Score

3^/10

execution
behavioral13 behavioral14

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

Accesses cryptocurrency files/wallets, possible credential harvesting

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14