General
Target: 59d7fd05ac50e1757f5bf5fa45d59e27
Size: 1.7MB
Sample: 241110-bzmscawhqa
MD5: 59d7fd05ac50e1757f5bf5fa45d59e27
SHA1: 9b05671f2a00280671cc0ae4dfad6c673b0444a9
SHA256: b76a917a7922249ca4f14d3bdb6d9c684adf4e1ffa3d7a77324def11fddcd177
SHA512: df4ee45a101aef305e7e08333c3c8f5f73890280464bed9491920be882d54cff66fa4288a4ec5b3e918a7147765a5bbcaf74c146ab233f0ef216709f014785a5
SSDEEP: 49152:MnyFvEPjLZ9HiaS4t0bt6yK9KtkHPE9PGGz+4F9EzrPiQAaI2SH2Q:MnnPXZJX8JssteEFGg+4FgrUaI2SZ

Behavioral tasks (task: sample, resource)
behavioral1: Libraries/Bunifu_UI_v1.52.dll, win7-20241023-en
behavioral2: Libraries/Bunifu_UI_v1.52.dll, win10v2004-20241007-en
behavioral3: Libraries/GuiLib.dll, win7-20240903-en
behavioral4: Libraries/GuiLib.dll, win10v2004-20241007-en
behavioral5: Libraries/MetroSet UI.dll, win7-20240708-en
behavioral6: Libraries/MetroSet UI.dll, win10v2004-20241007-en
behavioral7: Libraries/Newtonsoft.Json.dll, win7-20240903-en
behavioral8: Libraries/Newtonsoft.Json.dll, win10v2004-20241007-en
behavioral9: Libraries/RedLine.SharedModels.dll, win7-20240903-en
behavioral10: Libraries/RedLine.SharedModels.dll, win10v2004-20241007-en
behavioral11: Libraries/System.Drawing.Pen.dll, win7-20240903-en
behavioral12: Libraries/System.Drawing.Pen.dll, win10v2004-20241007-en
behavioral13: Libraries/Vestris.ResourceLib.dll, win7-20241010-en
behavioral14: Libraries/Vestris.ResourceLib.dll, win10v2004-20241007-en
behavioral15: Libraries/protobuf-net.dll, win7-20240729-en
behavioral16: Libraries/protobuf-net.dll, win10v2004-20241007-en
behavioral17: OpenPort.bat, win7-20241023-en
behavioral18: OpenPort.bat, win10v2004-20241007-en
behavioral19: RedLine.MainPanel.exe, win7-20240903-en
behavioral20: RedLine.MainPanel.exe, win10v2004-20241007-en

Malware Config
Targets
Target: Libraries/Bunifu_UI_v1.52.dll
Size: 219KB
MD5: 5eca94d909f1ba4c5f3e35ac65a49076
SHA1: 3b9cb69510887117844464a2cc711c06f2c3bd19
SHA256: de0e530d46c803d85b8aeb6d18816f1b09cb3dafefb5e19fdfa15c9f41e0f474
SHA512: 257a33c748dfb617a7e2892310132fd4abf4384fb09c93a8ac3f609fd91353a4f3e326124ecc63b6041ac87cf4fcc17a8bdca312e0c851acd9c7a182247066ea
SSDEEP: 6144:o1uzZh5rYAuBjtnkbxuzZ7Mg3i3hJtm4Fw2hHQHcHKaPUb:Ku1higb4zZR+9mcHX
Score: 1/10

Target: Libraries/GuiLib.dll
Size: 50KB
MD5: eaf9c55793cd26f133708714ed3a5397
SHA1: 1818aa718498f0810199eca2b91db300dc24f902
SHA256: 87cfc70bec2d2a37bcd5d46f9e6f0051f82e015ff96e8f2bc2d81b85f2632f15
SHA512: b793ae1155bd7be247b42c0fc1bc53e34cf69e802c0e365427322dac4b5cc68728d24255a717aaffa774b4551a6946c17106387cff4cfdb6ce638d8a4ecab4d9
SSDEEP: 768:CXBWBHqfkC/Wcd1V4+8dUQeEqUNVugMP26lunzWWeddVV:CXiWJ16+8dxeAVuAWWed9
Score: 1/10

Target: Libraries/MetroSet UI.dll
Size: 436KB
MD5: f13dc3cffef729d26c4da102674561cf
SHA1: 5f9abff0bdf305e33b578c22dada5c87b2f6f39c
SHA256: d490c04e6e89462fd46099d3454985f319f57032176c67403b3b92c86ca58bcb
SHA512: aa8699c5f608a10a577cb23715f761ee28922c4778f5ea8a5ec0a184e1143689fba5a08003fd5cbf3c7dd516eac1fddc8c3f9efa1d993ba1888e87b70190c08f
SSDEEP: 12288:oE4n7EmAqNv8MkCvzMTlCPRSoWzz7QYaIHtMhPrYDK:oE4n7xAqN0MkCvzMTlCEoDYFH2eDK
Score: 1/10

Target: Libraries/Newtonsoft.Json.dll
Size: 683KB
MD5: 6815034209687816d8cf401877ec8133
SHA1: 1248142eb45eed3beb0d9a2d3b8bed5fe2569b10
SHA256: 7f912b28a07c226e0be3acfb2f57f050538aba0100fa1f0bf2c39f1a1f1da814
SHA512: 3398094ce429ab5dcdecf2ad04803230669bb4accaef7083992e9b87afac55841ba8def2a5168358bd17e60799e55d076b0e5ca44c86b9e6c91150d3dc37c721
SSDEEP: 12288:Lf9WGsSVSM2mxL2nRiOr8gUckc6V/g2GhBzj05cH:7XNL2PVh6B+Bzjmc
Score: 1/10

Target: Libraries/RedLine.SharedModels.dll
Size: 29KB
MD5: bee2969583715bfa584d073ac8d98c42
SHA1: 37d1221ce6bb82e7ad08fd22bd13592815a23468
SHA256: 5f92db78e43986f063632fb2cfafdce73e5e7e64979900783ca9a00016933375
SHA512: 5c139b81a51477d8362be2bf72b9f2425d54ef67b4ad715fbe8aa11f8a57435abb7f23a7ecaee18611e559d1006c0df5dd3427b6e7c3caed38d8cffd79e4bb1c
SSDEEP: 768:OqYS91uYM7KwU+QJDqnCz2iiMkM16dTS:OqYSqfOwTgDqnLZMn16NS
Score: 1/10

Target: Libraries/System.Drawing.Pen.dll
Size: 2.7MB
MD5: d385f2a3e04b4645b4b8040bdc0bb5db
SHA1: 00473aa80b4d9c70aeb6266cf0540e43df2628d3
SHA256: 86971a8ac9aaec4421bf0ad43585d94553e92a1a6fe26da981ccc045bff83528
SHA512: 627ca8a6dcc22746ee5296cd8480773dfd0ce537c42edf86f30f59b90d35bbac857636da435e5bc0afbddb6d05fb519d7d8e1b3d0122d58ccb46c95b47c88787
SSDEEP: 3072:apblKLY+hugA/JMGI+3TBb3K65tKMFL6uOqKXyeHD3Q6b7cvWUevzml01xvS0yi9:ap
Score: 1/10

Target: Libraries/Vestris.ResourceLib.dll
Size: 76KB
MD5: 944ce5123c94c66a50376e7b37e3a6a6
SHA1: a1936ac79c987a5ba47ca3d023f740401f73529b
SHA256: 7da3f0e77c4dddc82df7c16c8c781fade599b7c91e3d32eefbce215b8f06b12a
SHA512: 4c034ff51cc01567f3cb0796575528ca44623b864eb606266bcf955a9259ed26b20bec0086d79038158d3a5af2ada0a90f59d7c6aae9e545294fe77825dbe08b
SSDEEP: 1536:CSSYikTF0Z+sFGu11tIcyI1MtI9eDG3fL7:CJYD0Z9FGu11teI1r9ea3
Score: 1/10

Target: Libraries/protobuf-net.dll
Size: 274KB
MD5: d16fffeb71891071c1c5d9096ba03971
SHA1: 24c2c7a0d6c9918f037393c2a17e28a49d340df1
SHA256: 141b235af8ebf25d5841edee29e2dcf6297b8292a869b3966c282da960cbd14d
SHA512: 27fb5b77fcadbe7bd1af51f7f40d333cd12de65de12e67aaea4e5f6c0ac2a62ee65bdafb1dbc4e3c0a0b9a667b056c4c7d984b4eb1bf4b60d088848b2818d87a
SSDEEP: 6144:M+mGOqp3p9xOhav/ZcaiysIN5UGr8fnd0OJNGyo:JOqp3bkhUZcbyP51rACGNGyo
Score: 1/10

Target: OpenPort.bat
Size: 94B
MD5: cf1cc90281e28cee22dce7ed013c2678
SHA1: 2f213a71b76db3e51ad2d659f84dc1f3f90725fb
SHA256: 84399f8bccefa404e156a5351b1de75a2d5290b4fddd1754efb16401ed7218ef
SHA512: 2b61c1da7cc66506537719cedab82f172d2ac1af4df69513ba64507a5ed67989974f81791faf08c5855580df53f564600381be34c340b825f1f01919948921e1
Score: 8/10
Modifies Windows Firewall

Target: RedLine.MainPanel.exe
Size: 681KB
MD5: cebc3d480f68e62df1c8f313c706aea7
SHA1: b1bdf43073067c687c631abd2f41967e8aa76b64
SHA256: 97c7bfdaaba189507eff65ff523d9f03dd94b78a29f55d4f66cdea64cbbab14b
SHA512: 93bcc773387cc793f64c7e684eb04e15dd5c282adf876725c67b8438e8066ec701dd19f538cf3298742386b9f168daaa576c0c5b2cbf7dd16b36b5939857e6cd
SSDEEP: 12288:ynGxx6T3UDep8pkYXRXRXRXRXRXRXcOXRXRXRX7t4umBNOurX:tQfny2
Score: 10/10
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
RedLine payload
Redline family