General

  • Target

    ba49a2b836fa3abe640fd5c32398796d4d497910cbeb0d53e20ccaf5f361ee7a

  • Size

    226.7MB

  • Sample

    241110-3wjp3axkhy

  • MD5

    e93f9a844ecab1a07d2e3a10da3b67e6

  • SHA1

    3a1b0a3114398396c4cee39031088ce814055239

  • SHA256

    ba49a2b836fa3abe640fd5c32398796d4d497910cbeb0d53e20ccaf5f361ee7a

  • SHA512

    ae6ca85d45a11ef43d65fd53f99a0eb1072c38f45edea0d7e172abc4859413b9584b46ecccfa16c522e4be785a78f1c50737b636cd6c6381cc1153962b67fe4f

  • SSDEEP

    6291456:KaF+tDeLK7pnDfiEq4HSBpJw7R2LgcyD3VimNArIeEg+sf:Ka2DeLunGf4HEb0pV3Vi8g+o

Malware Config

Extracted

Family

redline

Botnet

5623257544_99

C2

mechanikal.top:3306

mechanikal.top:28786

Attributes
  • auth_value

    a16f7ef3f77cf52053690cf937a7edaa

Targets

    • Target

      Adobe Photoshop/Adobe 2022/autorun.ini

    • Size

      41KB

    • MD5

      768e8d12b251166d1a11d6e1075569a4

    • SHA1

      1d9cca2a579fe2a966ae3ef6b08c81fbf43c1d5e

    • SHA256

      cbf448b2066433129b505eddd0d62b2e5802aecf4d282f43268a07d9e55eb321

    • SHA512

      b875b25efbb7f9298c3cbd992df8dbf6036cbc44224d30ea758e9af0ec73253843a19ba173e376fa1a5ba29b50363d09f1583f5d377577a1ee9cf80701312d7d

    • SSDEEP

      768:EwUJmdMeVF6u4JaRngtG5hzod2NUDXSiJr2Qua1zhVvVaXLkjWz:EwUJPeVFBRn/62NUDXSiVNuaxhx0Dz

    Score
    3/10
    • Target

      AdobeIPCBroker.exe

    • Size

      1.0MB

    • MD5

      2281dffdb1988937b6c9d30128e64b42

    • SHA1

      549c86e215b80f67a036fa93304fcb367e0f346d

    • SHA256

      99557b43cd337e46afab2d277fc0e8cfe668241780e68dd4c88c9099f65c809b

    • SHA512

      8bbc920054c842d6bb8ba5e3e5896dff6c56a6662a35dcde952a4a4b68d726352d9ffbee8734590214e6c640332d913a63802a2aed666794d4554c03f592be31

    • SSDEEP

      24576:9PHeMy8QQGeQrRUm7KAd6JtFMGFWwa5iksXSGBwKMDHreO9w7chAd:ZbhSnKAwCWjMmXtgBwp

    Score
    3/10
    • Target

      customhook/AdobeIPCBrokerCustomHook.exe

    • Size

      197KB

    • MD5

      64100ce9dd9e670e28a487aabe7c1241

    • SHA1

      4ac3eeb414d7d8d1c80b8644e445d2684991150f

    • SHA256

      e97c8ed6d6c95556c11f73149a54b759548fd144e23f320ffa573709db9ccba7

    • SHA512

      8527b9df907e98f0e810583cb1e64b7f8486e540daea5a7c0052e96d94516290eeb4f22163ed16b17006974d407132565e2c48d653ba385ab86857c0290d7cef

    • SSDEEP

      3072:cjetgAXQLGOyYJI++TNHWtGm7B8xOVafniAg0Fujo+LXV5trbcCy:cjeAy+UN2t3AOb35bcCy

    Score
    3/10
    • Target

      Adobe Photoshop/Adobe 2022/resources/AdobePIM.dll

    • Size

      2.1MB

    • MD5

      7efc2b6852333d9ebac124d4844ba2af

    • SHA1

      23c4a09cd6a63850c94109b7b8cbbc197f38931d

    • SHA256

      7917708a9f343067e01242423eaa73ae981e20ce07ace6274fdcc71ee2b03b51

    • SHA512

      0f9448baa5d1988c14e9b887fcf0491ad49bbdcb808d430a78e78de0e0cfa7a459988dde1a1e58413e621fc732af940a2d6d921a9d599dc495ace4e55f749c48

    • SSDEEP

      49152:vDMuoV5iuRXAySHAf5rXXqEkZd78HGP1zQTThZOq1MSGY:vIuoVZDPrXXqEkZd78Hvyl4

    Score
    4/10
    • Target

      Adobe Photoshop/Adobe 2022/resources/carousel/carousel.js

    • Size

      2KB

    • MD5

      c728f39895d885d416ed009e68a43709

    • SHA1

      761eafe80f3175a17a4eed9b2c53fbf7a35c8149

    • SHA256

      ccf6c5f519b13ff9b8e4580a53bd0e57f10e00c1e6240c95e0bd2c28c45e0735

    • SHA512

      6f176fd9652646f73a6be84ebffb6a384a87b1305745ce9e5d6d79ea1c1512705552af62a4c2cbfe481335cad69715cc265ba7dbb4087caefdb8333e45195e0f

    Score
    3/10
    • Target

      Adobe Photoshop/Adobe 2022/resources/carousel/index.html

    • Size

      1KB

    • MD5

      5587d0aaf5f5b87aebc43fad35b31b7a

    • SHA1

      49ca26fdfb6eadacd4089b1684bbc6b573c96936

    • SHA256

      d232db2f53be8dedd48ece25d2c6aec604a192421744c9d0ce7574a172fa0a9b

    • SHA512

      e9e54f6fa57c80e776cea8f6a40dedfbd2fadd4c329c37890a06652475b2f2f2695a51d893c8b253e4ce427624ebe82cbc03ccb494410e39f78d56acff960cef

    Score
    3/10
    • Target

      Adobe Photoshop/Adobe 2022/resources/carousel/lib/jquery.min.js

    • Size

      91KB

    • MD5

      e1288116312e4728f98923c79b034b67

    • SHA1

      8b6babff47b8a9793f37036fd1b1a3ad41d38423

    • SHA256

      ba6eda7945ab8d7e57b34cc5a3dd292fa2e4c60a5ced79236ecf1a9e0f0c2d32

    • SHA512

      bf28a9a446e50639a9592d7651f89511fc4e583e213f20a0dff3a44e1a7d73ceefdb6597db121c7742bde92410a27d83d92e2e86466858a19803e72a168e5656

    • SSDEEP

      1536:96IzxETpavYSGaW4snuHEk/yosnSFngC/VEEG0vd0KO4emAp2LSEMBoviR+I1z5T:v+vIklosn/BLXjxzMhsSQ

    Score
    3/10
    • Target

      Adobe Photoshop/Adobe Photoshop.exe

    • Size

      676.9MB

    • MD5

      2ded5fcb43860c72002d99c9fe2fbc2f

    • SHA1

      c4754ba46ab5799468032a500dd1af2b6dfa439a

    • SHA256

      b9628087374864e7b15d7bbc8a389f3af6a056d2bb1f54e3df74371de74a83a9

    • SHA512

      e774e4c4faef9fb5cd6ea06bc8676f4611cbe00497c599edc4ca0edb4d2595df0355cf50f9c46468850ec0fb99d7bf1208e390b9b75723b58486fdb97cd0e0cf

    • SSDEEP

      3072:OCH7v9lmvbpfyayDdbxJVGJw04FDeinuMtRkG2hmKV:OK7Fglry5bx84FDeiu42bV

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020. It collects saved browser credentials, cookies and autofill data, cryptocurrency wallet files and host information, and sends them to the C2 host and port listed in the extracted configuration above.

    • RedLine payload

    • Redline family

    • Uses the VBS compiler for execution

      vbc.exe, the .NET Visual Basic command-line compiler, is a Microsoft-signed binary that stealer loaders commonly start as a host process for an injected payload; on its own, launching it is not malicious.

    • Suspicious use of SetThreadContext

      Rewriting a thread context in another process, seen together with a child created suspended and remote memory writes, is the characteristic call sequence of process hollowing.

    • Target

      Adobe Photoshop/fonts/jailbreak.dll

    • Size

      90KB

    • MD5

      3311f69d3894a7453fd23a505b5093d3

    • SHA1

      a9bbecda9ef5ad4ea7ce1058b783d90ad58799ac

    • SHA256

      ca77ab898a5181cfb07a2011583a2f43374f517b3c80d5cd05f033467a562302

    • SHA512

      78775a24fc3da5ff947548a3ecf78b33f780d07280847bf9a18687450f45f63f5e3179c00fdb0227e16ac49a5b0572e4eff2676c901b28dde0e514bb8cd00ee5

    • SSDEEP

      1536:1edILJQtthcQJB/uJ7+0glW7Rl30s6Sc6GvtaDBH1dvNIUo//xFAxkZa+oP7fqDo:1edIkhxGJ56SOtaDBpIwGhGF

    Score
    1/10
    • Target

      Adobe Photoshop/fonts/usbhelper.dll

    • Size

      177KB

    • MD5

      18889e99b337bb6797bd8f54d3f23bf7

    • SHA1

      89780b93bf19bbed3f47993d27658ded87630792

    • SHA256

      3219dadccbacfd68e2c1a211acd407035f92b909b6ff847f7db18e908a08b7a1

    • SHA512

      a25b522a774e2c72f70c730711a1f785841965032bf66e0f4065572c439dd06fdbb88bd1d6fbeb97cd354ecca057683f6bf753c34d0f6d360faaf7f14c80c949

    • SSDEEP

      3072:KssBi5Bloa4fIsaeWyBLLomzW4rZfFKw+tCfGH3UNeexiQMl7ZMWq/TlqaCUFW0:HYa46eWyBLXW8VeUizb1aa0

    Score
    3/10
    • Target

      Adobe Photoshop/fonts/win-core.dll

    • Size

      41KB

    • MD5

      768e8d12b251166d1a11d6e1075569a4

    • SHA1

      1d9cca2a579fe2a966ae3ef6b08c81fbf43c1d5e

    • SHA256

      cbf448b2066433129b505eddd0d62b2e5802aecf4d282f43268a07d9e55eb321

    • SHA512

      b875b25efbb7f9298c3cbd992df8dbf6036cbc44224d30ea758e9af0ec73253843a19ba173e376fa1a5ba29b50363d09f1583f5d377577a1ee9cf80701312d7d

    • SSDEEP

      768:EwUJmdMeVF6u4JaRngtG5hzod2NUDXSiJr2Qua1zhVvVaXLkjWz:EwUJPeVFBRn/62NUDXSiVNuaxhx0Dz

    Score
    3/10
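
Two of the entries above (autorun.ini and fonts/win-core.dll) carry identical hashes, so a blocklist built from this list should be deduplicated by SHA256 rather than by file name. The following is an added example, not the sandbox's own code: it parses the Targets layout used on this page (a "• Field" bullet followed by its value, a bare "Score" line followed by the score, and signature names as bullets with no value) into records, groups them by SHA256 and builds a hash index for matching local files. SAMPLE_REPORT is a constructed excerpt that copies three of the entries above.

```python
"""Parse a sandbox report's Targets section, deduplicate by SHA256 and
index the hashes for file matching.

Added example for this page, not the sandbox's code. The input layout is
assumed from the report above; SAMPLE_REPORT is a constructed excerpt."""
import hashlib
from collections import defaultdict

# Bullets followed by a value line; any other bullet is a signature name.
FIELDS = {"Target", "Size", "MD5", "SHA1", "SHA256", "SHA512", "SSDEEP"}

SAMPLE_REPORT = """\
    • Target

      Adobe Photoshop/Adobe 2022/autorun.ini

    • Size
      41KB
    • MD5
      768e8d12b251166d1a11d6e1075569a4
    • SHA256
      cbf448b2066433129b505eddd0d62b2e5802aecf4d282f43268a07d9e55eb321
    Score
    3/10
    • Target
      Adobe Photoshop/Adobe Photoshop.exe
    • Size
      676.9MB
    • SHA256
      b9628087374864e7b15d7bbc8a389f3af6a056d2bb1f54e3df74371de74a83a9
    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Uses the VBS compiler for execution
    • Suspicious use of SetThreadContext
    • Target
      Adobe Photoshop/fonts/win-core.dll
    • Size
      41KB
    • MD5
      768e8d12b251166d1a11d6e1075569a4
    • SHA256
      cbf448b2066433129b505eddd0d62b2e5802aecf4d282f43268a07d9e55eb321
    Score
    3/10
"""


def _next_value(lines, i):
    """Skip blank lines; return (value, index after the value)."""
    while i < len(lines) and not lines[i]:
        i += 1
    if i >= len(lines):
        return None, i
    return lines[i], i + 1


def parse_targets(text):
    """One dict per "• Target" entry: lower-cased field keys, a
    "signatures" list and, when the report gives one, a "score"."""
    lines = [ln.strip() for ln in text.splitlines()]
    records, cur, i = [], None, 0
    while i < len(lines):
        ln = lines[i]
        i += 1
        if ln.startswith("• "):
            key = ln[2:].strip()
            if key == "Target":
                cur = {"signatures": []}
                records.append(cur)
            if cur is None:
                continue  # bullet before the first Target: not a target field
            if key in FIELDS:
                cur[key.lower()], i = _next_value(lines, i)
            else:
                cur["signatures"].append(key)
        elif ln == "Score" and cur is not None:
            cur["score"], i = _next_value(lines, i)
        # any other line (blank, signature description) carries no field value
    return records


def group_by_sha256(records):
    """SHA256 -> list of target names that carry it."""
    groups = defaultdict(list)
    for r in records:
        if r.get("sha256"):
            groups[r["sha256"].lower()].append(r["target"])
    return dict(groups)


def duplicate_names(records):
    """Entries that are the same file under different names."""
    return {h: n for h, n in group_by_sha256(records).items() if len(n) > 1}


def build_index(records):
    """(algorithm, hex digest) -> record, so a file can match on any hash."""
    idx = {}
    for r in records:
        for algo in ("md5", "sha1", "sha256"):
            if r.get(algo):
                idx[(algo, r[algo].lower())] = r
    return idx


def lookup_bytes(data, index):
    """Record matching the bytes of a file on disk, or None."""
    for algo in ("sha256", "sha1", "md5"):
        hit = index.get((algo, hashlib.new(algo, data).hexdigest()))
        if hit is not None:
            return hit
    return None


if __name__ == "__main__":
    recs = parse_targets(SAMPLE_REPORT)
    print(f"{len(recs)} targets, {len(group_by_sha256(recs))} unique SHA256")
    for digest, names in duplicate_names(recs).items():
        print("same file:", digest, names)
```

Run against the full Targets section, the parser yields twelve records and one duplicate group; feeding `lookup_bytes` the contents of files from a suspect host returns the report record for any that match, including the entry with no score line (Adobe Photoshop.exe), whose signature bullets are kept as a list instead of a value.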

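The two behavioural signatures on Adobe Photoshop.exe (vbc.exe launched for execution, SetThreadContext used) describe process hollowing only when they occur as one chain on the same child. The detection below is an added example, not the sandbox's signature logic: it walks a user-mode API trace and reports a child that the same caller created suspended, wrote into, gave a new thread context and then resumed, while ignoring a suspended child that is merely resumed and a process that rewrites its own thread context. The event schema (pid is the caller, target_pid the process the handle refers to), the KNOWN_HOSTS list and SAMPLE_TRACE are constructed assumptions.

```python
"""Flag process hollowing in an API trace: a child created suspended,
written to and given a new thread context by its parent, then resumed.

Added example for this page, not the sandbox's signature logic. Event
schema, KNOWN_HOSTS and SAMPLE_TRACE are constructed assumptions."""
import os

CREATE_SUSPENDED = 0x00000004

# Assumed list: Microsoft-signed .NET binaries frequently chosen as hosts
# for injected payloads; a hit here raises the severity.
KNOWN_HOSTS = {"vbc.exe", "csc.exe", "regasm.exe", "regsvcs.exe",
               "msbuild.exe", "installutil.exe", "aspnet_compiler.exe"}

VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"

# Constructed trace. pid 1200 hollows vbc.exe (pid 2044); it also spawns
# pid 2100 suspended and just resumes it (benign); pid 3300 rewrites a
# context in its own thread, as a debugger or exception handler would.
SAMPLE_TRACE = [
    {"pid": 1200, "api": "CreateProcessW", "target_pid": 2044,
     "args": {"lpApplicationName": VBC, "dwCreationFlags": 0x4}},
    {"pid": 1200, "api": "NtUnmapViewOfSection", "target_pid": 2044, "args": {}},
    {"pid": 1200, "api": "WriteProcessMemory", "target_pid": 2044, "args": {"nSize": 0x3E000}},
    {"pid": 1200, "api": "WriteProcessMemory", "target_pid": 2044, "args": {"nSize": 0x1000}},
    {"pid": 1200, "api": "SetThreadContext", "target_pid": 2044, "args": {"tid": 2048}},
    {"pid": 1200, "api": "ResumeThread", "target_pid": 2044, "args": {"tid": 2048}},
    {"pid": 1200, "api": "CreateProcessW", "target_pid": 2100,
     "args": {"lpApplicationName": r"C:\Windows\System32\conhost.exe", "dwCreationFlags": 0x4}},
    {"pid": 1200, "api": "ResumeThread", "target_pid": 2100, "args": {"tid": 2104}},
    {"pid": 3300, "api": "SetThreadContext", "target_pid": 3300, "args": {"tid": 3304}},
    {"pid": 3300, "api": "ResumeThread", "target_pid": 3300, "args": {"tid": 3304}},
]


def detect_hollowing(trace):
    """One finding per (parent, child) pair that completed the chain
    suspended create -> remote write -> SetThreadContext -> ResumeThread."""
    pending = {}   # (parent_pid, child_pid) -> progress of the chain
    findings = []
    for ev in trace:
        key = (ev["pid"], ev["target_pid"])
        api, args = ev["api"], ev.get("args", {})
        if api.startswith("CreateProcess"):
            if args.get("dwCreationFlags", 0) & CREATE_SUSPENDED:
                pending[key] = {"image": args.get("lpApplicationName", ""),
                                "written": 0, "unmapped": False, "ctx_set": False}
            continue
        st = pending.get(key)
        if st is None:
            continue   # not a child this caller created suspended: nothing to track
        if api == "NtUnmapViewOfSection":
            st["unmapped"] = True
        elif api == "WriteProcessMemory":
            st["written"] += args.get("nSize", 0)
        elif api == "SetThreadContext":
            st["ctx_set"] = True
        elif api == "ResumeThread":
            if st["written"] and st["ctx_set"]:
                host = os.path.basename(st["image"].replace("\\", "/")).lower()
                findings.append({
                    "parent_pid": key[0], "child_pid": key[1],
                    "host": host, "image": st["image"],
                    "bytes_written": st["written"],
                    "unmapped_original": st["unmapped"],
                    "severity": "high" if host in KNOWN_HOSTS else "medium",
                })
            del pending[key]   # the chain ended here, hollowed or not
    return findings


if __name__ == "__main__":
    for f in detect_hollowing(SAMPLE_TRACE):
        print(f"{f['severity']}: pid {f['parent_pid']} hollowed {f['host']} "
              f"(pid {f['child_pid']}), {f['bytes_written']:#x} bytes written")
```

The chain is keyed on the (caller, child) pair so that a SetThreadContext from an unrelated process, or on the caller's own threads, never completes it; NtUnmapViewOfSection is recorded but not required, since some loaders overwrite the mapped image in place instead of unmapping it.
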
MITRE ATT&CK Enterprise v15

Tasks