General

  • Target

    740930ecdbe028af8957cfed4382d12af784acc38887807031f2406d9ff914eb

  • Size

    2.6MB

  • Sample

    241109-mg5e8asja1

  • MD5

    2be8c5b91bcaa949241fb96430c7c205

  • SHA1

    aceca59c16dfa3ca36d4e6aa43cc79c8e00fe486

  • SHA256

    740930ecdbe028af8957cfed4382d12af784acc38887807031f2406d9ff914eb

  • SHA512

    22a45be3cfc4c282d6f3e61f861300d5ec149057215bfcd3228298fbed9b19ec0220b389eee63edd4d95abcc0e7abd668761a780589d15c0b1fa87ace50fc5db

  • SSDEEP

    49152:O2SmwPH4Ui4lc94bfCOacfw2vEuvSS+o/yXkBFBbJjPBwfENhYW+bHGq:VDP4lc9QKpcY2cin+myXkxFz0akbHGq

Malware Config

Extracted

Family

redline

C2

185.200.191.18:80

Attributes
  • auth_value

    6a6d2013394e24ff36af9394a7517801

Targets

    • Target

      Discord Nitro Generator.exe

    • Size

      1.8MB

    • MD5

      0bcb060add426e4fa9d052ad82067593

    • SHA1

      618e6f67f1d48b4500419876a3524f2ebd1465fb

    • SHA256

      2df99efadd0746be4481aa3a94e27cf0f1d2e432d17523f882390730e1870559

    • SHA512

      84bb8ebffce8ceb8796e39940f9342ead91e8d3cfe45cb2fa2eb7674df0cde7a91dc520fef50f775d7649411f6ac4c115ad52c8fe8eea10e7d245bd7a35d1ec8

    • SSDEEP

      49152:/StVHaauEgXuGU5hT9opy0fAS8wzdm4MQoy9UsveXIGg090IlrS0cMMExl:/StVHa/p+b9oA0f58qoy9UsveXmIlr6i

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Suspicious use of SetThreadContext

    • Target

      GFSDK_ShadowLib.win64.dll

    • Size

      3.8MB

    • MD5

      f2c348c5aaff0c420f4dce3abc1bbad6

    • SHA1

      873f96bf5f180d786445ab2a129140905d5066b8

    • SHA256

      0523a77867d37ac0fd0a9ccc5e6d11882e743ed6d52558f6bb63d5889b7f4ae1

    • SHA512

      857a08f0d22b1a3cc9517d632d151bbdd703ec6dd541c84190f305a43f4f81770860ad4c9cc2baaf149740eac8d8579dbb2ee7c0e63a0403d061adb0ae0b0b66

    • SSDEEP

      24576:Gg4mEzEzlXel6Kqn9DSuGOMAYd1EmH07YV1GmP0jYX1JmX0UY/1ImD0A:G

    Score
    1/10
    • Target

      Scrafy.dll

    • Size

      35.0MB

    • MD5

      70549df31467a4c90250bfdaaa28f62a

    • SHA1

      84c36b0999f842887a0d9a950c26373deeb798c6

    • SHA256

      926687efa6694393d6c4a3e95c5e06a52cb7227e3fe5617e9dd59e7a7579cf5f

    • SHA512

      6d59e8eadbf0d236a88ed14440335e01d528eb017cff8e875fd6ffa5d5bbfaffb4efe21cd298a62edbfac5bfd8f4719d42c9c13b65d7c64a775eaf0da34577b7

    • SSDEEP

      3:Hcxzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzm:HcU

    Score
    1/10
    • Target

      d3dcsx_46.dll

    • Size

      1.8MB

    • MD5

      8355e491fa90ca00045be22bb556b213

    • SHA1

      1878a0cbbd064183ca290efd8841d11338a3dfcd

    • SHA256

      85017342fd829fbd32d7045c2c0b2254e68e5c3bd6faa59c920dec878c765dcd

    • SHA512

      d31b46468246cc554cf993d6114590121caad904966add2587b527f6c1421ed79822d7e332b6959c8e9b640526f38923a1f4cf4ae27120a351edc573304b6963

    • SSDEEP

      24576:qannDf1/bJiWNwG1KSx1T4dEQMtqVC43uH1Ug:qynDf1/1iZs4dpMATeHL

    Score
    1/10
    • Target

      keys.dll

    • Size

      166KB

    • MD5

      2c72867294029653210306933c4f53a7

    • SHA1

      b1f7f0a441b767072294cda20b9539fa7de41a87

    • SHA256

      a70f215428fe8fd412ef0efb74c5ad8d9afbc26eba4e416f1f4b22949c6fec5b

    • SHA512

      eadbf37e44e42b6329206929d7675ac08eac0efed2f271e459fea7a844b2ff31054d39ab82ee779a397ba5a1b2718a0e42528bc5e388541aa64a8511c7788cd4

    • SSDEEP

      3072:UjcH7izJoHwD+cguq5x4oCk052vK9WFi/Dbt2/aWb8c583pV6z3Y:2ewNg35CZl52vK9uSIDTY

    Score
    3/10
    • Target

      swds.dll

    • Size

      1.0MB

    • MD5

      8c05b73c73273ecb9b5f69443e2641e2

    • SHA1

      0770a02c6617f5223a08a27fc8d05ecedc947316

    • SHA256

      f802c0a63c0e3e0336bfa35b34502a00e8ce06ad90d930273e81df5076846e16

    • SHA512

      291f6e634afec9724e3a1e09b86d8c9b8f7a884669f96405b97ddcf6470139ee7e248ba663cd4aa97c541f83c48bd9ff98fd07ff71e6c0d9a375b3daab82a462

    • SSDEEP

      24576:gfiy/IEaNYLIJG80ce+FAM6EEiO4uXk+IksxjTJqg6Wu:2/pjgGNce+FAG9O4uU+Iks1T7u

    Score
    3/10
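The indicators above (the per-file SHA256 values and the extracted RedLine C2 `185.200.191.18:80`) are what a responder would turn into a hunt. The following script is an added example, not part of the sandbox output: it loads the report's hashes as a lookup table, checks files on disk against them, and flags connection records to the extracted C2. The connection-log lines and sample files are constructed here so the script runs offline; the log format (tab-separated ts, src, sport, dst, dport, proto) is an assumed simplification, not a real Zeek or firewall schema.

```python
"""Hunt helpers built from the indicators in this report (added example).

Hashes and C2 are copied from the report; file contents and connection
records used for the demo are constructed and carry no relation to the sample.
"""
import hashlib
import os
import tempfile

# SHA256 indicators copied from the report, labelled with the target name the
# report gives (the parent sample is listed by hash only).
REPORT_SHA256 = {
    "740930ecdbe028af8957cfed4382d12af784acc38887807031f2406d9ff914eb": "parent sample (archive)",
    "2df99efadd0746be4481aa3a94e27cf0f1d2e432d17523f882390730e1870559": "Discord Nitro Generator.exe (RedLine)",
    "0523a77867d37ac0fd0a9ccc5e6d11882e743ed6d52558f6bb63d5889b7f4ae1": "GFSDK_ShadowLib.win64.dll",
    "926687efa6694393d6c4a3e95c5e06a52cb7227e3fe5617e9dd59e7a7579cf5f": "Scrafy.dll",
    "85017342fd829fbd32d7045c2c0b2254e68e5c3bd6faa59c920dec878c765dcd": "d3dcsx_46.dll",
    "a70f215428fe8fd412ef0efb74c5ad8d9afbc26eba4e416f1f4b22949c6fec5b": "keys.dll",
    "f802c0a63c0e3e0336bfa35b34502a00e8ce06ad90d930273e81df5076846e16": "swds.dll",
}
# C2 extracted from the RedLine config in the report.
C2_IP = "185.200.191.18"
C2_PORT = 80


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_file(path, chunk=1 << 20):
    """Stream the file so 35 MB DLLs like Scrafy.dll are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_paths(paths, iocs=REPORT_SHA256):
    """Return [(path, label)] for every file whose SHA256 appears in `iocs`."""
    hits = []
    for p in paths:
        label = iocs.get(sha256_file(p))
        if label:
            hits.append((p, label))
    return hits


def parse_conn_line(line):
    """Parse one constructed connection record (ts, src, sport, dst, dport, proto).

    Comment lines and malformed rows return None so a bad line never aborts a hunt.
    """
    if line.startswith("#"):
        return None
    parts = line.rstrip("\n").split("\t")
    if len(parts) != 6:
        return None
    ts, src, sport, dst, dport, proto = parts
    try:
        return {"ts": ts, "src": src, "sport": int(sport),
                "dst": dst, "dport": int(dport), "proto": proto}
    except ValueError:
        return None


def find_c2_connections(lines, ip=C2_IP, port=C2_PORT, host_only=False):
    """Flag records to the extracted C2. Strict ip:port matching mirrors the
    config; host_only=True widens the match to any port on that host, which
    catches rebuilt samples pointing at the same server at the cost of more noise."""
    hits = []
    for line in lines:
        rec = parse_conn_line(line)
        if rec is None or rec["dst"] != ip:
            continue
        if host_only or rec["dport"] == port:
            hits.append(rec)
    return hits


# Constructed connection records (not from the report): one hit on the C2 as
# configured, one to the same host on another port, one unrelated flow.
CONSTRUCTED_CONN_LOG = [
    "#fields\tts\tsrc\tsport\tdst\tdport\tproto",
    "1731150001.123\t10.0.0.5\t49712\t185.200.191.18\t80\ttcp",
    "1731150002.456\t10.0.0.5\t49713\t185.200.191.18\t443\ttcp",
    "1731150003.789\t10.0.0.7\t49714\t93.184.216.34\t443\ttcp",
]


def write_constructed_file(data, name="constructed.bin"):
    """Write constructed bytes into a fresh temp directory and return the path."""
    path = os.path.join(tempfile.mkdtemp(), name)
    with open(path, "wb") as f:
        f.write(data)
    return path


if __name__ == "__main__":
    demo = write_constructed_file(b"not the sample")
    print("hash hits:", scan_paths([demo]))          # [] unless a real dropped file is present
    for rec in find_c2_connections(CONSTRUCTED_CONN_LOG):
        print("C2 contact:", rec["src"], "->", rec["dst"], rec["dport"], "at", rec["ts"])
```

Hash matching is exact, so only the files listed in this report are caught; the SSDEEP values in the report are what you would use for near-duplicate matching of recompiled builds, which needs the `ssdeep` bindings rather than the standard library and is left out here.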

MITRE ATT&CK Enterprise v15