Overview

Overall score: 10/10

Per-task scores (from the report's task tabs; "-" where no score is shown):

Task          Sample                       Platform            Score
static1       -                            -                   3/10
behavioral1   Discord Nitro Generator.exe  windows7-x64        -
behavioral2   Discord Nitro Generator.exe  windows10-2004-x64  10/10
behavioral3   GFSDK_ShadowLib.win64.dll    windows7-x64        1/10
behavioral4   GFSDK_ShadowLib.win64.dll    windows10-2004-x64  1/10
behavioral5   Scrafy.dll                   windows7-x64        1/10
behavioral6   Scrafy.dll                   windows10-2004-x64  1/10
behavioral7   d3dcsx_46.dll                windows7-x64        1/10
behavioral8   d3dcsx_46.dll                windows10-2004-x64  1/10
behavioral9   keys.dll                     windows7-x64        3/10
behavioral10  keys.dll                     windows10-2004-x64  3/10
behavioral11  swds.dll                     windows7-x64        3/10
behavioral12  swds.dll                     windows10-2004-x64  3/10
General

Target:     740930ecdbe028af8957cfed4382d12af784acc38887807031f2406d9ff914eb (the submitted file, named by its SHA256)
Size:       2.6MB
Sample ID:  241109-mg5e8asja1
MD5:        2be8c5b91bcaa949241fb96430c7c205
SHA1:       aceca59c16dfa3ca36d4e6aa43cc79c8e00fe486
SHA256:     740930ecdbe028af8957cfed4382d12af784acc38887807031f2406d9ff914eb
SHA512:     22a45be3cfc4c282d6f3e61f861300d5ec149057215bfcd3228298fbed9b19ec0220b389eee63edd4d95abcc0e7abd668761a780589d15c0b1fa87ace50fc5db
SSDEEP:     49152:O2SmwPH4Ui4lc94bfCOacfw2vEuvSS+o/yXkBFBbJjPBwfENhYW+bHGq:VDP4lc9QKpcY2cin+myXkxFz0akbHGq
Analysis tasks

Task          Sample                       Resource (analysis VM image)
static1       -                            -
behavioral1   Discord Nitro Generator.exe  win7-20240903-en
behavioral2   Discord Nitro Generator.exe  win10v2004-20241007-en
behavioral3   GFSDK_ShadowLib.win64.dll    win7-20241010-en
behavioral4   GFSDK_ShadowLib.win64.dll    win10v2004-20241007-en
behavioral5   Scrafy.dll                   win7-20240903-en
behavioral6   Scrafy.dll                   win10v2004-20241007-en
behavioral7   d3dcsx_46.dll                win7-20241010-en
behavioral8   d3dcsx_46.dll                win10v2004-20241007-en
behavioral9   keys.dll                     win7-20240903-en
behavioral10  keys.dll                     win10v2004-20241007-en
behavioral11  swds.dll                     win7-20241010-en
behavioral12  swds.dll                     win10v2004-20241007-en
Malware Config

Extracted configuration (family: redline)
C2:          185.200.191.18:80
auth_value:  6a6d2013394e24ff36af9394a7517801
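The extracted C2 above is a bare ip:port, and port 80 here does not mean HTTP: RedLine's C2 channel is WCF over net.tcp (known from public RedLine analyses, not stated in this report), so a session to 185.200.191.18:80 is expected to open with .NET Message Framing (MC-NMF) records rather than an HTTP request line. The following is an added example, not code from the report or from the sandbox vendor, that classifies the first client bytes of a TCP session as HTTP or MC-NMF and flags both the known C2 endpoint and the protocol mismatch of net.tcp framing on port 80. The flow records are constructed; the 203.0.113.0/24 addresses are documentation-range placeholders, not observed infrastructure.

```python
"""
Added example, not part of the sandbox report: classify the first client bytes of a TCP
session as HTTP or .NET Message Framing (MC-NMF, the framing WCF net.tcp uses) and match
sessions against the RedLine C2 extracted in this report. Flow records are constructed.
"""
from dataclasses import dataclass
from typing import List, Tuple

# C2 endpoint from the report's extracted RedLine config.
REDLINE_C2 = ("185.200.191.18", 80)

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"CONNECT ", b"PATCH ", b"TRACE ")


@dataclass
class Flow:
    dst_ip: str
    dst_port: int
    first_bytes: bytes  # first payload bytes sent by the client


def encode_mb_int(value: int) -> bytes:
    """MC-NMF variable-length size: 7 bits per byte, low bits first, 0x80 = more follows."""
    out = bytearray()
    while True:
        byte = value & 0x7F
        value >>= 7
        if value:
            out.append(byte | 0x80)
        else:
            out.append(byte)
            return bytes(out)


def decode_mb_int(data: bytes, offset: int) -> Tuple[int, int]:
    """Inverse of encode_mb_int; returns (value, offset just past the size field)."""
    value = shift = 0
    while offset < len(data):
        byte = data[offset]
        offset += 1
        value |= (byte & 0x7F) << shift
        shift += 7
        if not byte & 0x80:
            return value, offset
    raise ValueError("truncated MC-NMF size field")


def build_nmf_preamble(via: str, mode: int = 0x02) -> bytes:
    """Version record (00 01 00) + Mode record (01 <mode>) + Via record (02 <size> <uri>)."""
    uri = via.encode()
    return b"\x00\x01\x00" + bytes([0x01, mode, 0x02]) + encode_mb_int(len(uri)) + uri


def is_nmf_preamble(data: bytes) -> bool:
    """True if data starts with a well-formed MC-NMF preamble whose Via is a net.tcp URI."""
    if len(data) < 7 or data[:3] != b"\x00\x01\x00":
        return False
    if data[3] != 0x01 or data[4] not in (0x01, 0x02, 0x03, 0x04) or data[5] != 0x02:
        return False
    try:
        size, start = decode_mb_int(data, 6)
    except ValueError:
        return False
    return data[start:start + size].startswith(b"net.tcp://")


def classify(first_bytes: bytes) -> str:
    if first_bytes.startswith(HTTP_METHODS):
        return "http"
    if is_nmf_preamble(first_bytes):
        return "net.tcp"
    return "unknown"


def flag_flows(flows: List[Flow]) -> List[Tuple[Flow, str]]:
    """Known C2 endpoint always alerts; net.tcp framing on port 80 alerts as a protocol mismatch."""
    alerts = []
    for flow in flows:
        proto = classify(flow.first_bytes)
        if (flow.dst_ip, flow.dst_port) == REDLINE_C2:
            alerts.append((flow, f"known RedLine C2 endpoint ({proto} framing)"))
        elif flow.dst_port == 80 and proto == "net.tcp":
            alerts.append((flow, "WCF net.tcp framing on port 80, not HTTP"))
    return alerts


# Constructed sample flows (placeholder addresses from 203.0.113.0/24).
SAMPLE_FLOWS = [
    Flow("185.200.191.18", 80, build_nmf_preamble("net.tcp://185.200.191.18:80/")),
    Flow("203.0.113.10", 80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    Flow("203.0.113.20", 80, build_nmf_preamble("net.tcp://203.0.113.20:80/")),
    Flow("203.0.113.30", 443, b"\x16\x03\x01\x00\xa5\x01\x00"),  # TLS ClientHello fragment
]

if __name__ == "__main__":
    for flow, reason in flag_flows(SAMPLE_FLOWS):
        print(f"{flow.dst_ip}:{flow.dst_port}  {reason}")
```

The second rule (net.tcp framing on port 80) is the one that survives a C2 address change; the IP match alone only covers this build's config.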
Targets

Target: Discord Nitro Generator.exe
Size:   1.8MB
MD5:    0bcb060add426e4fa9d052ad82067593
SHA1:   618e6f67f1d48b4500419876a3524f2ebd1465fb
SHA256: 2df99efadd0746be4481aa3a94e27cf0f1d2e432d17523f882390730e1870559
SHA512: 84bb8ebffce8ceb8796e39940f9342ead91e8d3cfe45cb2fa2eb7674df0cde7a91dc520fef50f775d7649411f6ac4c115ad52c8fe8eea10e7d245bd7a35d1ec8
SSDEEP: 49152:/StVHaauEgXuGU5hT9opy0fAS8wzdm4MQoy9UsveXIGg090IlrS0cMMExl:/StVHa/p+b9oA0f58qoy9UsveXmIlr6i
Score:  10/10

Signatures:
- RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine payload
- Redline family
- Suspicious use of SetThreadContext

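The "Suspicious use of SetThreadContext" signature on the RedLine target is the tell-tale of process hollowing: the loader creates a victim process with CREATE_SUSPENDED, optionally unmaps its image, writes the real payload into it with WriteProcessMemory, points the primary thread at the new entry point with SetThreadContext, and calls ResumeThread. It is "suspicious" rather than conclusive because debuggers legitimately use the same API. The following is an added example, not code from the report or from the sandbox vendor, that detects the full sequence in an API trace and ignores SetThreadContext used in isolation or on the caller's own threads. The trace format (one dict per call, with handles already resolved to target_pid / new_pid) and the events themselves are constructed for illustration.

```python
"""
Added example, not part of the sandbox report: detect the process-hollowing call sequence
behind a "Suspicious use of SetThreadContext" signature in an API trace. The trace format
and the sample events are constructed; handles are assumed already resolved to pids.
"""
from typing import Dict, List

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess*

CREATE = {"CreateProcessA", "CreateProcessW", "CreateProcessInternalW"}
UNMAP = {"NtUnmapViewOfSection", "ZwUnmapViewOfSection"}
WRITE = {"WriteProcessMemory", "NtWriteVirtualMemory"}
SET_CONTEXT = {"SetThreadContext", "NtSetContextThread", "Wow64SetThreadContext"}
RESUME = {"ResumeThread", "NtResumeThread"}


def find_hollowing(trace: List[Dict]) -> List[Dict]:
    """One alert per (source pid, child pid) where the source created the child suspended,
    wrote into it, set its thread context and then resumed it."""
    stages: Dict[tuple, set] = {}
    alerts = []
    for ev in trace:
        src, api, args = ev["pid"], ev["api"], ev["args"]
        if api in CREATE:
            if args.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
                stages[(src, args["new_pid"])] = {"suspended_create"}
            continue
        target = args.get("target_pid")
        key = (src, target)
        # Only track cross-process calls against a child this source created suspended.
        if target is None or target == src or key not in stages:
            continue
        seen = stages[key]
        if api in UNMAP:
            seen.add("unmap")
        elif api in WRITE:
            seen.add("write")
        elif api in SET_CONTEXT:
            seen.add("set_context")
        elif api in RESUME and {"write", "set_context"} <= seen:
            alerts.append({"source_pid": src, "target_pid": target,
                           "stages": sorted(seen),
                           "image_unmapped": "unmap" in seen})
            del stages[key]  # one alert per hollowed child
    return alerts


# Constructed trace: pid 1000 hollows a suspended child (pid 1234); pid 2000 only sets the
# context of its own thread (as an exception handler might), which must not alert.
SAMPLE_TRACE = [
    {"pid": 1000, "api": "CreateProcessW", "args": {"dwCreationFlags": CREATE_SUSPENDED, "new_pid": 1234}},
    {"pid": 1000, "api": "NtUnmapViewOfSection", "args": {"target_pid": 1234}},
    {"pid": 1000, "api": "WriteProcessMemory", "args": {"target_pid": 1234, "size": 0x1000}},
    {"pid": 1000, "api": "WriteProcessMemory", "args": {"target_pid": 1234, "size": 0x24000}},
    {"pid": 1000, "api": "SetThreadContext", "args": {"target_pid": 1234}},
    {"pid": 1000, "api": "ResumeThread", "args": {"target_pid": 1234}},
    {"pid": 2000, "api": "SetThreadContext", "args": {"target_pid": 2000}},
]

if __name__ == "__main__":
    for alert in find_hollowing(SAMPLE_TRACE):
        print(alert)
```

Requiring the write before the resume is what separates hollowing from a plain suspended start; dropping that requirement would fire on any tool that resumes a child after adjusting its registers.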
Target: GFSDK_ShadowLib.win64.dll
Size:   3.8MB
MD5:    f2c348c5aaff0c420f4dce3abc1bbad6
SHA1:   873f96bf5f180d786445ab2a129140905d5066b8
SHA256: 0523a77867d37ac0fd0a9ccc5e6d11882e743ed6d52558f6bb63d5889b7f4ae1
SHA512: 857a08f0d22b1a3cc9517d632d151bbdd703ec6dd541c84190f305a43f4f81770860ad4c9cc2baaf149740eac8d8579dbb2ee7c0e63a0403d061adb0ae0b0b66
SSDEEP: 24576:Gg4mEzEzlXel6Kqn9DSuGOMAYd1EmH07YV1GmP0jYX1JmX0UY/1ImD0A:G
Score:  1/10

Target: Scrafy.dll
Size:   35.0MB
MD5:    70549df31467a4c90250bfdaaa28f62a
SHA1:   84c36b0999f842887a0d9a950c26373deeb798c6
SHA256: 926687efa6694393d6c4a3e95c5e06a52cb7227e3fe5617e9dd59e7a7579cf5f
SHA512: 6d59e8eadbf0d236a88ed14440335e01d528eb017cff8e875fd6ffa5d5bbfaffb4efe21cd298a62edbfac5bfd8f4719d42c9c13b65d7c64a775eaf0da34577b7
SSDEEP: 3:Hcxzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzm:HcU
Score:  1/10

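The Scrafy.dll entry is worth a second look: a 35.0MB file whose SSDEEP signature sits at the minimum block size (3) and consists of one run of identical characters is a file that, apart from a short header, is almost entirely a single repeating byte value. That is the profile of a sample padded to push it past upload or scanning size limits, and it also explains the low score. The following is an added example, not code from the report or from the sandbox vendor, that measures this directly with per-chunk byte entropy and dominant-byte share instead of computing ssdeep (which needs the external ssdeep library). Both inputs are constructed in memory.

```python
"""
Added example, not part of the sandbox report: a padding check for oversized samples, based
on per-chunk Shannon entropy and the share of the most common byte. The two inputs below
are constructed in memory (a random "header" followed by zero filler, and pure random data).
"""
import math
import random
from collections import Counter
from typing import Dict, List, Tuple

CHUNK = 4096


def chunk_stats(data: bytes, chunk: int = CHUNK) -> List[Tuple[int, float, float]]:
    """(offset, entropy in bits per byte, share of the most common byte) for each chunk."""
    stats = []
    for off in range(0, len(data), chunk):
        block = data[off:off + chunk]
        counts = Counter(block)
        n = len(block)
        entropy = -sum(c / n * math.log2(c / n) for c in counts.values())
        stats.append((off, entropy, counts.most_common(1)[0][1] / n))
    return stats


def padding_report(data: bytes, chunk: int = CHUNK,
                   max_entropy: float = 0.5, min_dominant: float = 0.95) -> Dict:
    """A chunk counts as filler when it is nearly one byte value; report the filler share."""
    stats = chunk_stats(data, chunk)
    filler = [s for s in stats if s[1] <= max_entropy and s[2] >= min_dominant]
    ratio = len(filler) / len(stats) if stats else 0.0
    return {
        "size": len(data),
        "chunks": len(stats),
        "filler_ratio": round(ratio, 4),
        "first_filler_offset": filler[0][0] if filler else None,
        "verdict": "padded" if ratio >= 0.5 else "not padded",
    }


def _random_bytes(rng: random.Random, n: int) -> bytes:
    return bytes(rng.getrandbits(8) for _ in range(n))


# Constructed inputs: 2 KiB of random bytes standing in for a header, then 1 MiB of zeroes;
# and 64 KiB of random bytes with no filler at all.
_rng = random.Random(20241109)
PADDED = _random_bytes(_rng, 2048) + b"\x00" * (1024 * 1024)
UNPADDED = _random_bytes(_rng, 64 * 1024)

if __name__ == "__main__":
    print(padding_report(PADDED))
    print(padding_report(UNPADDED))
```

For a real sample the same two thresholds work on the file read from disk; the first filler offset tells you how much of the file is worth carving out before handing it to tooling that would otherwise choke on the size.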
Target: d3dcsx_46.dll
Size:   1.8MB
MD5:    8355e491fa90ca00045be22bb556b213
SHA1:   1878a0cbbd064183ca290efd8841d11338a3dfcd
SHA256: 85017342fd829fbd32d7045c2c0b2254e68e5c3bd6faa59c920dec878c765dcd
SHA512: d31b46468246cc554cf993d6114590121caad904966add2587b527f6c1421ed79822d7e332b6959c8e9b640526f38923a1f4cf4ae27120a351edc573304b6963
SSDEEP: 24576:qannDf1/bJiWNwG1KSx1T4dEQMtqVC43uH1Ug:qynDf1/1iZs4dpMATeHL
Score:  1/10

Target: keys.dll
Size:   166KB
MD5:    2c72867294029653210306933c4f53a7
SHA1:   b1f7f0a441b767072294cda20b9539fa7de41a87
SHA256: a70f215428fe8fd412ef0efb74c5ad8d9afbc26eba4e416f1f4b22949c6fec5b
SHA512: eadbf37e44e42b6329206929d7675ac08eac0efed2f271e459fea7a844b2ff31054d39ab82ee779a397ba5a1b2718a0e42528bc5e388541aa64a8511c7788cd4
SSDEEP: 3072:UjcH7izJoHwD+cguq5x4oCk052vK9WFi/Dbt2/aWb8c583pV6z3Y:2ewNg35CZl52vK9uSIDTY
Score:  3/10

Target: swds.dll
Size:   1.0MB
MD5:    8c05b73c73273ecb9b5f69443e2641e2
SHA1:   0770a02c6617f5223a08a27fc8d05ecedc947316
SHA256: f802c0a63c0e3e0336bfa35b34502a00e8ce06ad90d930273e81df5076846e16
SHA512: 291f6e634afec9724e3a1e09b86d8c9b8f7a884669f96405b97ddcf6470139ee7e248ba663cd4aa97c541f83c48bd9ff98fd07ff71e6c0d9a375b3daab82a462
SSDEEP: 24576:gfiy/IEaNYLIJG80ce+FAM6EEiO4uXk+IksxjTJqg6Wu:2/pjgGNce+FAG9O4uU+Iks1T7u
Score:  3/10