redline | bf8ecc13a3b1b6cc8b0a3cd1c3fe4fb29c2dedb29c64463da65824b7f101e2b2 | Triage

Sharing

General

Target

2ce791cdbc0412817f9a8270848dbcb15787fbb4
Size

49.0MB
Sample

241111-akpsqa1ngm
MD5

50aeb8170f2bc375bca110005f36d497
SHA1

2ce791cdbc0412817f9a8270848dbcb15787fbb4
SHA256

bf8ecc13a3b1b6cc8b0a3cd1c3fe4fb29c2dedb29c64463da65824b7f101e2b2
SHA512

47ebcfbe4327d8e144a17213e8e0ad527e0fc76b3225f72f9c1610b9eacf871b0ae59a60bcecf991a973c33686af5a9659c5303623152f86c0f483bac95e858a
SSDEEP

1572864:LYToMKRcgv7pJAB20gcomSVXwpvwc4/GgTJhO:LYTkRcg1JF0gc9KXwpvd4eg2

Score

10^/10

redline @chaoiiing 17/08/22 discovery execution infostealer

Malware Config

Extracted

Family

redline

Botnet

@chaoiiing 17/08/22

C2

92.38.241.94:22922

Attributes

auth_value
72cce26a18d3046167e14710509d2d24

Targets

- Target
  
  Setupcanva.exe
- Size
  
  123KB
- MD5
  
  3c9cfbbea4eb2686c474bba7199cab1c
- SHA1
  
  fb383ea378bde912485ea5f3ff380545559ce54c
- SHA256
  
  72cb2e57c69043f850c236528c016cd0c626002c394a5e11f6a6169b815ab1ef
- SHA512
  
  9ce11c82a815b04a36c85b0cfaa69e6d682fdc3973951ca9c56d90287f616992fcd0dad571ad1d1cd33fb2c196171b267bd2525d127b10e10c69b94c01f807f5
- SSDEEP
  
  3072:xekJWGLunDanEw56QyYoIxIDbdRoi4D82r:xRIDanBuPIKDbdRFc8+
Score

10^/10

redline @chaoiiing 17/08/22 discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  bin/win32/ffmpegsumo.dll
- Size
  
  963KB
- MD5
  
  8d6c1353081a166c15ab31ee83906c8e
- SHA1
  
  40283ef8b4343553ecf0e6e8aa4170081467bffc
- SHA256
  
  564ad57d50ffe96efd0b274a8faf94fe578819405abfc26e2d3d8d092bb465f5
- SHA512
  
  2a9737b940d330285c7040cb3e7753f33a4083f0a8a1ec3e487a9ada312f986115ca51a538abe256a735b680a19f410907bf00e2d70638706764bf2a7d52bd04
- SSDEEP
  
  12288:shP1NwYxY4gGZF1xdFNT1Ygx+iP/U7Okow2p4mDJbWYmlna7MlPM+fCI1MIx1oU8:s9gkjxdFNT1YC+UEHowA4mdb/AM+3P
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  bin/win32/libEGL.dll
- Size
  
  208KB
- MD5
  
  8a2b8adcac38aebaf2db2f7ac9d48739
- SHA1
  
  6b167aa777e3cdceab18c04edc7a64afe58a6152
- SHA256
  
  fbed115e8c32a137bbdffffa73d5e5ceb5c82441079c6afe471cd94821c7499e
- SHA512
  
  dda6f436ec80d5d993a01f73484034f85fc918ac8707989e01eb53c7c13b1c29678e8165d470524de1dafb0c8fd1523d723b3190f89c5f6e35405ea193db3e34
- SSDEEP
  
  3072:BXYFqtvMBOpw+py7arltg9hhKJErP+vsAg0FuUJF/AAg0Fuq157R/iNA:BXYSvMBbl7Ufg9hhKJuosAOUTAAOSsA
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  bin/win32/libGLESv2.dll
- Size
  
  1.3MB
- MD5
  
  69ac8131eb79ea07cde195d2d27508e6
- SHA1
  
  4d59d5fd732b2114ab7b0f96158e234e2fb1237b
- SHA256
  
  295f132666cbf1eeea2376e56844257e3c6a9bc3da2ffcfc48e08787343c9569
- SHA512
  
  66c9e91d690b634f013d502c3e89989735475dad2c637e77d767c174dbc12dc6df7a855a65830e0d796f7d943229a033af76c70e8c5a7a119a90e8d24b7e2e1c
- SSDEEP
  
  24576:347pmYf8rDQTOMYSNQamVEUEj0KwmZkCIOO8r:Pwewj6mCROO
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  bin/win32/nw.pak
- Size
  
  5.5MB
- MD5
  
  0d24674943dfff947cefb3e8b90f22fc
- SHA1
  
  c21836dfa7fcac7cd756b6499d815906269acdd8
- SHA256
  
  0b8e036948dc0e07d41efc71418c1901c7a037b857c6adef0bf0696fb6642634
- SHA512
  
  0c7e25901ebd00a619e00a90895bd9c5272e45544a1082789b93d6a912adc188c7cb7ab67f4eb5c4fd06da916e2709c6c18005e5ebda9cb778a471196784635e
- SSDEEP
  
  49152:6F6PwseuK3oSVvolWJAv5SfAo2G40FH7FSpXPWav2TU5cCI8IL/s1mF4//V1liwB:JVSfAL9vkWGGG2pLTuN6
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  bin/win64/ffmpegsumo.dll
- Size
  
  991KB
- MD5
  
  83d7e2b05e7fab09258f6763154ce1a2
- SHA1
  
  bd80808b0a5b1e32cad270506ca89653a081f3a7
- SHA256
  
  f0c4ff613908c0a7b6d3c893984bbd8d63ae21de32d01b45a706667aacff43c6
- SHA512
  
  e15524a791118310745645f15c23cd6f8d004c946eb1d3aaea6ab4c4a1300762dad354d374b3bcd029fd30e9fcc54743ae8b4ccb76c7a26b92905de808c83302
- SSDEEP
  
  24576:Ms58Z15Ngksc9s0a8wTMMwhmSAzL7aGZELDKPPTykTCO76:MQ2Zgksc9s0aBTMWCO
Score

1^/10
behavioral11 behavioral12
- Target
  
  bin/win64/libEGL.dll
- Size
  
  203KB
- MD5
  
  fee39269772633d85ad1ebf4d93611b3
- SHA1
  
  915f067094dd1dd3dbe42f3acb53a8becb81b151
- SHA256
  
  a974a768c54395a1f00ca5a690c86732ff82f82eec26faa3c4c87cd5322d513d
- SHA512
  
  6dc1a70a86d4a3326c2fd8b0775312688c2cfeab7d16d6c4fabc3f6c6c4c0adf715369ac91691b23ed1a741953914b6739b2b050ee428ae963c3aa64c2aab00a
- SSDEEP
  
  3072:K3yiHbZ85o+aolTx7H1TQOyRq3uBuUEj+0Y026O+bfEa:AHt87aolT9ahRq+IjZb8
Score

1^/10
behavioral13 behavioral14
- Target
  
  bin/win64/libGLESv2.dll
- Size
  
  1.6MB
- MD5
  
  4314884d92572407e1af1ff1506685df
- SHA1
  
  d6f616f0fc3aacc634375ad47a7b32a7ca96fb94
- SHA256
  
  6279f0d902e3c9efeff5300eac138c7f2feb15bf4c0ac7297474ed80002aab42
- SHA512
  
  ac22e5a97a82c1795c8930068d0abaec2260cf91f9fdd7b01114df40041e204e4555efe2ec627c4d534e699fdd130ee0966f8ef2567f366364b385aeed458878
- SSDEEP
  
  49152:TR1FwEMvZmfYItCrDMw8KUD4KMX9+Kw31:hwLZmfYqsDv8KN+
Score

1^/10
behavioral15 behavioral16
- Target
  
  bin/win64/nw.pak
- Size
  
  5.5MB
- MD5
  
  0b269e79caf87c9a46ae8c139fa66ff9
- SHA1
  
  46dea2d9024a44289565588caa50d223fd140d4a
- SHA256
  
  b93f146a82d39e06db62d4d52ff9629c4e380f81b119049e473516babe9bb338
- SHA512
  
  c9d6e1e4bf3ce37186d531c70102ca1813b2387e40ad3804b3ad133c8aebe7eb56a2dd4ea02fa2cbbcfd754ece3ae993bbe54273dd6778999d221bc4f9fc1404
- SSDEEP
  
  49152:9F6PwseuK3oSVvolWJAv5SfAo2G40FH7FSpXPWav2TU5cCI8IL/s1mF4//V1liwc:SVSfAL9vkWGGG2pLTuM6
Score

3^/10

execution
behavioral17 behavioral18

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redline@chaoiiing 17/08/22discoveryinfostealer

behavioral2

redline@chaoiiing 17/08/22discoveryinfostealer

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18