General

  • Target

    59d7fd05ac50e1757f5bf5fa45d59e27

  • Size

    1.7MB

  • Sample

    241110-bzmscawhqa

  • MD5

    59d7fd05ac50e1757f5bf5fa45d59e27

  • SHA1

    9b05671f2a00280671cc0ae4dfad6c673b0444a9

  • SHA256

    b76a917a7922249ca4f14d3bdb6d9c684adf4e1ffa3d7a77324def11fddcd177

  • SHA512

    df4ee45a101aef305e7e08333c3c8f5f73890280464bed9491920be882d54cff66fa4288a4ec5b3e918a7147765a5bbcaf74c146ab233f0ef216709f014785a5

  • SSDEEP

    49152:MnyFvEPjLZ9HiaS4t0bt6yK9KtkHPE9PGGz+4F9EzrPiQAaI2SH2Q:MnnPXZJX8JssteEFGg+4FgrUaI2SZ

Malware Config

Targets

    • Target

      Libraries/Bunifu_UI_v1.52.dll

    • Size

      219KB

    • MD5

      5eca94d909f1ba4c5f3e35ac65a49076

    • SHA1

      3b9cb69510887117844464a2cc711c06f2c3bd19

    • SHA256

      de0e530d46c803d85b8aeb6d18816f1b09cb3dafefb5e19fdfa15c9f41e0f474

    • SHA512

      257a33c748dfb617a7e2892310132fd4abf4384fb09c93a8ac3f609fd91353a4f3e326124ecc63b6041ac87cf4fcc17a8bdca312e0c851acd9c7a182247066ea

    • SSDEEP

      6144:o1uzZh5rYAuBjtnkbxuzZ7Mg3i3hJtm4Fw2hHQHcHKaPUb:Ku1higb4zZR+9mcHX

    Score
    1/10
    • Target

      Libraries/GuiLib.dll

    • Size

      50KB

    • MD5

      eaf9c55793cd26f133708714ed3a5397

    • SHA1

      1818aa718498f0810199eca2b91db300dc24f902

    • SHA256

      87cfc70bec2d2a37bcd5d46f9e6f0051f82e015ff96e8f2bc2d81b85f2632f15

    • SHA512

      b793ae1155bd7be247b42c0fc1bc53e34cf69e802c0e365427322dac4b5cc68728d24255a717aaffa774b4551a6946c17106387cff4cfdb6ce638d8a4ecab4d9

    • SSDEEP

      768:CXBWBHqfkC/Wcd1V4+8dUQeEqUNVugMP26lunzWWeddVV:CXiWJ16+8dxeAVuAWWed9

    Score
    1/10
    • Target

      Libraries/MetroSet UI.dll

    • Size

      436KB

    • MD5

      f13dc3cffef729d26c4da102674561cf

    • SHA1

      5f9abff0bdf305e33b578c22dada5c87b2f6f39c

    • SHA256

      d490c04e6e89462fd46099d3454985f319f57032176c67403b3b92c86ca58bcb

    • SHA512

      aa8699c5f608a10a577cb23715f761ee28922c4778f5ea8a5ec0a184e1143689fba5a08003fd5cbf3c7dd516eac1fddc8c3f9efa1d993ba1888e87b70190c08f

    • SSDEEP

      12288:oE4n7EmAqNv8MkCvzMTlCPRSoWzz7QYaIHtMhPrYDK:oE4n7xAqN0MkCvzMTlCEoDYFH2eDK

    Score
    1/10
    • Target

      Libraries/Newtonsoft.Json.dll

    • Size

      683KB

    • MD5

      6815034209687816d8cf401877ec8133

    • SHA1

      1248142eb45eed3beb0d9a2d3b8bed5fe2569b10

    • SHA256

      7f912b28a07c226e0be3acfb2f57f050538aba0100fa1f0bf2c39f1a1f1da814

    • SHA512

      3398094ce429ab5dcdecf2ad04803230669bb4accaef7083992e9b87afac55841ba8def2a5168358bd17e60799e55d076b0e5ca44c86b9e6c91150d3dc37c721

    • SSDEEP

      12288:Lf9WGsSVSM2mxL2nRiOr8gUckc6V/g2GhBzj05cH:7XNL2PVh6B+Bzjmc

    Score
    1/10
    • Target

      Libraries/RedLine.SharedModels.dll

    • Size

      29KB

    • MD5

      bee2969583715bfa584d073ac8d98c42

    • SHA1

      37d1221ce6bb82e7ad08fd22bd13592815a23468

    • SHA256

      5f92db78e43986f063632fb2cfafdce73e5e7e64979900783ca9a00016933375

    • SHA512

      5c139b81a51477d8362be2bf72b9f2425d54ef67b4ad715fbe8aa11f8a57435abb7f23a7ecaee18611e559d1006c0df5dd3427b6e7c3caed38d8cffd79e4bb1c

    • SSDEEP

      768:OqYS91uYM7KwU+QJDqnCz2iiMkM16dTS:OqYSqfOwTgDqnLZMn16NS

    Score
    1/10
    • Target

      Libraries/System.Drawing.Pen.dll

    • Size

      2.7MB

    • MD5

      d385f2a3e04b4645b4b8040bdc0bb5db

    • SHA1

      00473aa80b4d9c70aeb6266cf0540e43df2628d3

    • SHA256

      86971a8ac9aaec4421bf0ad43585d94553e92a1a6fe26da981ccc045bff83528

    • SHA512

      627ca8a6dcc22746ee5296cd8480773dfd0ce537c42edf86f30f59b90d35bbac857636da435e5bc0afbddb6d05fb519d7d8e1b3d0122d58ccb46c95b47c88787

    • SSDEEP

      3072:apblKLY+hugA/JMGI+3TBb3K65tKMFL6uOqKXyeHD3Q6b7cvWUevzml01xvS0yi9:ap

    Score
    1/10
    • Target

      Libraries/Vestris.ResourceLib.dll

    • Size

      76KB

    • MD5

      944ce5123c94c66a50376e7b37e3a6a6

    • SHA1

      a1936ac79c987a5ba47ca3d023f740401f73529b

    • SHA256

      7da3f0e77c4dddc82df7c16c8c781fade599b7c91e3d32eefbce215b8f06b12a

    • SHA512

      4c034ff51cc01567f3cb0796575528ca44623b864eb606266bcf955a9259ed26b20bec0086d79038158d3a5af2ada0a90f59d7c6aae9e545294fe77825dbe08b

    • SSDEEP

      1536:CSSYikTF0Z+sFGu11tIcyI1MtI9eDG3fL7:CJYD0Z9FGu11teI1r9ea3

    Score
    1/10
    • Target

      Libraries/protobuf-net.dll

    • Size

      274KB

    • MD5

      d16fffeb71891071c1c5d9096ba03971

    • SHA1

      24c2c7a0d6c9918f037393c2a17e28a49d340df1

    • SHA256

      141b235af8ebf25d5841edee29e2dcf6297b8292a869b3966c282da960cbd14d

    • SHA512

      27fb5b77fcadbe7bd1af51f7f40d333cd12de65de12e67aaea4e5f6c0ac2a62ee65bdafb1dbc4e3c0a0b9a667b056c4c7d984b4eb1bf4b60d088848b2818d87a

    • SSDEEP

      6144:M+mGOqp3p9xOhav/ZcaiysIN5UGr8fnd0OJNGyo:JOqp3bkhUZcbyP51rACGNGyo

    Score
    1/10
    • Target

      OpenPort.bat

    • Size

      94B

    • MD5

      cf1cc90281e28cee22dce7ed013c2678

    • SHA1

      2f213a71b76db3e51ad2d659f84dc1f3f90725fb

    • SHA256

      84399f8bccefa404e156a5351b1de75a2d5290b4fddd1754efb16401ed7218ef

    • SHA512

      2b61c1da7cc66506537719cedab82f172d2ac1af4df69513ba64507a5ed67989974f81791faf08c5855580df53f564600381be34c340b825f1f01919948921e1

    • Target

      RedLine.MainPanel.exe

    • Size

      681KB

    • MD5

      cebc3d480f68e62df1c8f313c706aea7

    • SHA1

      b1bdf43073067c687c631abd2f41967e8aa76b64

    • SHA256

      97c7bfdaaba189507eff65ff523d9f03dd94b78a29f55d4f66cdea64cbbab14b

    • SHA512

      93bcc773387cc793f64c7e684eb04e15dd5c282adf876725c67b8438e8066ec701dd19f538cf3298742386b9f168daaa576c0c5b2cbf7dd16b36b5939857e6cd

    • SSDEEP

      12288:ynGxx6T3UDep8pkYXRXRXRXRXRXRXcOXRXRXRX7t4umBNOurX:tQfny2

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

MITRE ATT&CK Enterprise v15

Tasks