General

  • Target

    fa90c1ce5091f4d285a55c4e43bb4407

  • Size

    16.5MB

  • Sample

    241111-gffgtatfrr

  • MD5

    fa90c1ce5091f4d285a55c4e43bb4407

  • SHA1

    90668618dd1dd7dba41524fded65fa5483440f8c

  • SHA256

    099e3dcb3007860231abb3daeb6a143b0751ac58a4ba922a01cd8e30fd272edd

  • SHA512

    13a4fe1881eac6507ea41df4efaa7b250b112fca6b02d85d2df0646a9878702bdf593f638597eca3f51a33d9ea12faa9f10b6f7035bdc3404b3cf599ed2a9650

  • SSDEEP

    393216:1jf4wfk+3x52IrmVe/XuoGnOY3km3j3VJcVfI:th5oVnoGZkmhqVQ

Malware Config

Extracted

Family

redline

C2

91.241.19.112:37425

Attributes
  • auth_value

    34bb978ec3dd4134ac25d29f42e3b5f1

Extracted

Family

redline

Botnet

Miner

C2

144.76.109.221:33395

Attributes
  • auth_value

    243e02b1bf28d6d47dc8922484f9379a

Targets

    • Target

      Elden Ring Auto Trainer by AHX/Install.exe

    • Size

      614KB

    • MD5

      6e527f0d52b5b6d5cf921deca229080e

    • SHA1

      dcd732cdaae9b6eb45b48ea8cf94cb28bcbd12a3

    • SHA256

      50dbe502222f03108d213cc3bd77a67b21ac94b224e9302ddfdb533896ea33b8

    • SHA512

      e34f9f689fef8812abb90f9dcbc7ec9176c8fb8bb64c420406202dd78a208135c4f63bb9a2020b8749f1d525f62cb7b682c37bf2bcfdf1909e0b65f5a1508412

    • SSDEEP

      12288:cKaJfGfMdfBoRUAZCOkHPFhnzmRQS03ULaHNqrxlKIQNoZmu5sb5Zh9a2ypiD:csfZz0vPFhzmRkEaHNYK3MmuO5Zh9v5

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Suspicious use of SetThreadContext

    • Target

      Elden Ring Auto Trainer by AHX/Privacy.dll

    • Size

      188KB

    • MD5

      6d78126737c164c87a59d9c2c0f48e6a

    • SHA1

      a5215defbd32695a4a6df192f5a1c1e41bb43d53

    • SHA256

      3e3a99ea6001ee6f91d510c04f48029e360054225cce368e5fde1de5af0f98ee

    • SHA512

      e3d6510081d34bdcfb4663c9a142857009b14a51fd95a05585faf82d552789b33d0429f383a0eb5f8c7dd3b16682399c95ef15f64cb6dac9e00007392b1ad95c

    • SSDEEP

      3072:ftv/TEiRFjZUZn7ODcag9P2v5PR8TB0SrzLmJJ:f9/Qi/ZUpj/P2hPR8ddLmJ

    Score
    3/10
    • Target

      Elden Ring Auto Trainer by AHX/ReAgent.xml

    • Size

      518KB

    • MD5

      8332d5677770726d35675084a66709ae

    • SHA1

      65e528aeff6e6893b309eddb4d09749bb5893ae6

    • SHA256

      b48850a8fbcdb386df65cd60808c68c6146235d1ace5109ed348d0b92fc27e73

    • SHA512

      a547f609e5cd88a94ff0b70e3f1152ae0f130044943b458dacb50af25c0b31d66a339ddc60f3607b251becc73b69686748571af22c19ff0633731766f684d28f

    • SSDEEP

      6144:ckr84wGGP3us0d66DrOZkdxNVJXK+V35G9R2w/H6GGfdH8aZZwpVkAOaaS2U2lvq:wG+3g6Ax/JXKy5hE6Ge90JEZU2lvzz6

    Score
    3/10
    • Target

      Elden Ring Auto Trainer by AHX/RulesAPI.dll

    • Size

      3.5MB

    • MD5

      4f333515104ac20241a545bf9945b3a9

    • SHA1

      f2ac156d58bce2c84e9d4b8b3a59bfc95f339425

    • SHA256

      dc5dd805def20ed643e125f6520e2f6f776fd8d3bb51682c60d73d1a698d003e

    • SHA512

      46ab1c666d3ef6a3557c698a8c04f89a23d77e93d8f3b396becf2114ee7a0697b26f283472592c6865d3f72143673eec2d89b97d37154ae6f5954caa40abde1d

    • SSDEEP

      49152:CCwqLc9Q5h8miS4sJrhs7VCUrhQmWYXHgvHl:CsI8h5s7VCO7WYG

    Score
    3/10
    • Target

      Elden Ring Auto Trainer by AHX/unins000.dll

    • Size

      3.5MB

    • MD5

      4f333515104ac20241a545bf9945b3a9

    • SHA1

      f2ac156d58bce2c84e9d4b8b3a59bfc95f339425

    • SHA256

      dc5dd805def20ed643e125f6520e2f6f776fd8d3bb51682c60d73d1a698d003e

    • SHA512

      46ab1c666d3ef6a3557c698a8c04f89a23d77e93d8f3b396becf2114ee7a0697b26f283472592c6865d3f72143673eec2d89b97d37154ae6f5954caa40abde1d

    • SSDEEP

      49152:CCwqLc9Q5h8miS4sJrhs7VCUrhQmWYXHgvHl:CsI8h5s7VCO7WYG

    Score
    3/10
    • Target

      Elden Ring Hack/Elden Ring Hack/Injector.exe

    • Size

      541KB

    • MD5

      52e6bbb65ed55ee3c31ec267e449c0c3

    • SHA1

      7cf7bb2423958cc3bcf97f0d3731b6a4983b20b9

    • SHA256

      aa8a6522e4783613d9586884e60b07b34a3b6194d05e8a63113459c1c8e4148f

    • SHA512

      edf900db4325109f2a62a2ed8477bd1c6636d2d2cac96ab17456a75f873b49f7ea6978b5c84efd32eb08d9b5065235830014eafb155bc68944357def5ebace60

    • SSDEEP

      12288:7GCFYTX0wnz1xFYWbF1rKQEBQS03ULaHNqrxlKIQNoIEqolY3NVzrEeqDv:NukwnzLaWbF1rNEBkEaHNYK3D7oy3NV8

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Suspicious use of SetThreadContext

    • Target

      Elden Ring Hack/Elden Ring Hack/Start Hack.exe

    • Size

      347KB

    • MD5

      457419b283ec8858030a38800f7cbc57

    • SHA1

      4721a55a6603f3acec80b9c70c0a344e171906f1

    • SHA256

      3acaf959542823d3271ea68b8b42c2d08ce7915b7b702516e639beb34e6ba67f

    • SHA512

      ed406144e6ab93d3afd27d5e0d4aa81a6a4116a034be51ddf01e745c93f848c7cfe6a06bfd5afe48a24d63c89615276cc0e2bccbf1c703b59b98b5b7e3cdc924

    • SSDEEP

      6144:Kx68Q/qBe9XzjvL6TqLKDRdeD601Wm6/qeF/U8cpbNlsSCkDb1cftr6Qu4EAluzq:yURVL6W4da6V/qNpbNlekGftr6Qu4EAD

    Score
    3/10
    • Target

      Elden Ring Hack/Elden Ring Hack/gameoverlayui.dll

    • Size

      85KB

    • MD5

      42b1188016fbc733b8d2b02a84842504

    • SHA1

      5d24a2e9eb4b380f07f399785b5d155d568e278b

    • SHA256

      46c99450dd8b48cda9f7a2a0905ec157035356e4931f7fca38d403b29aa3c964

    • SHA512

      db2b3aa0de830bed4f664e76a0997899bd2c8cc25cfb34fec64b9c996630b4ec4b5a22654498ba80e741efd4cb6d4d230c3dcbebb3d43e3adaa2a34db6f585e8

    • SSDEEP

      768:QnLahMWEj0oVjlL7qcQ0v6C3bI9pP3bv5nLahMWEj0oVjlL7qcQ0v6C3bI9pP3bM:eah7EjHjEcYZRbvVah7EjHjEcYZRbvk

    Score
    1/10
    • Target

      Elden Ring Hack/Elden Ring Hack/inject.dll

    • Size

      5.4MB

    • MD5

      d820cf1bbf2aa9fdfdb1867d7ddc3a3b

    • SHA1

      7e195a8fee3b7ac9d7f4a8fac959a92380bafb9b

    • SHA256

      ddb1dfada8a2916da825665c2b766c3dad51c39ee8309ee246ef328a7163b293

    • SHA512

      d0e9b95e95eb112015eb9a79be4d55163b8359c4308dfbe519dd687b36f9182218c0b62813a6c06790b058cf619b79032f7da883a40b71a481b80432e13b03fa

    • SSDEEP

      98304:wOvd5Amv+t4vK1slUriSG/V9scmgL5xOT+:Bd5lv9vKh+SYmW5t

    Score
    3/10
    • Target

      Elden Ring Hack/Elden Ring Hack/mssdsp.flt

    • Size

      54KB

    • MD5

      a41226ccdf8f4553960364e01d25e75b

    • SHA1

      f1b7416b048fc7a0d2c3f91addc72d703e512cf2

    • SHA256

      db4d5d314c245b664710d413d1499d6572de3330eb888cc5a693b65365d4ecd8

    • SHA512

      c036b9eb510832e53a334678e9267391513506ee39ca1940019150e4ce29425c60aa7cce5c141364d60bf8bebe3b2054e57973187cea89c5f408e56f375f2341

    • SSDEEP

      768:JXoGFGoxWJMAYQEg7fku//+MgLUkQSB8mo0wgcPSWhzyP7yolSeQoAImHhdJcynu:JEMAYQCqJPStoQnlWd

    Score
    3/10
    • Target

      EldenRingDXWEB/EldenRingDXWEB.exe

    • Size

      602KB

    • MD5

      0811b5b14f45956074d3b527d4ca2888

    • SHA1

      1063a9c3e076da2701218fca886cf909b0a9d036

    • SHA256

      b306946be927e7878f8f34acaabadf26c423d42a4e7735d97644d70fcd7b4ae4

    • SHA512

      d8bcf94f4b8fa3fe61d67230a9f897f672b35ab4ab376e26d50aaf1f272dc0394c39d6906a3227d2a0baf37b7b1374c80a401e8b31e21055d4767417360b7eaf

    • SSDEEP

      12288:ij2CrqE8rucnCpDFhmk0J+AG7uG8KQS03ULaHNqrxlKIQNoZTC+K5DyoxjFrZgM:ijHq9ruIGYJ+/7UKkEaHNYK3H+K5DyoJ

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Suspicious use of SetThreadContext

    • Target

      EldenRingDXWEB/bin/d3dcsx_46.dll

    • Size

      31B

    • MD5

      a05e1db9cf3a3d134a738a4b5e9bb2ea

    • SHA1

      b2a3bdea3d376eea67830cf03cdba0ba75d754a6

    • SHA256

      3780f8b797f0ba67fbf829f138e477c25fae1fce6096fe8bfa3d35b02ca487e2

    • SHA512

      53e9d1a08510d92d1d92e7ecdd7deb6acebc481ca17d088e4d8168c7202e82d00b11efb9e7e22e747791f8daaa27d7877eb46a25e878ca54998d28aa44d57504

    Score
    1/10
    • Target

      EldenRingDXWEB/bin/libavutil-56.dll

    • Size

      1.2MB

    • MD5

      e92b2a70e309ad25187763bd6766453d

    • SHA1

      0c3ce0958f94fe3d05131215fe9362e70cb1d9d9

    • SHA256

      7f86dfd5350be7f418cf3dc775e0779c494c1b475469d86ef925cd80f2b02965

    • SHA512

      93c1a32400fd47f0786cdc459b40165c8b169d412ec8655462098d6ee30b14d0d6df52fe4a3a791a4f27dcf00905ca24ba5aa81507ed2962aa8206f06cd43683

    • SSDEEP

      24576:ZNaqXQOc91yBH96gUtvWv2xDwT6WW4UL62/UYIQ3f:ZNFy91iH96gUtZ+GUqP

    Score
    3/10
    • Target

      EldenRingDXWEB/bin/libfreetype-6.dll

    • Size

      563KB

    • MD5

      d252e360b874100bcfb540b76f590cb8

    • SHA1

      262f9c56c8f969eaecce398f33c7bd284d78831f

    • SHA256

      bdf79668cc636dd41b01e803aa30719e0e0ca31c91ca9954c53f1e30963bc4ea

    • SHA512

      6a1c8f2437cbce4740834956ac536f58453ab03475e42c515f1c19fabd930bda5998d11a7b6c18d69412ebb833fcc6ce635f4b0f3b942052797f78d3c2bad44a

    • SSDEEP

      12288:BV9xK/GBuu2YHT11yfCcYry+57TkfEWm:fLqGwYPcW37TVZ

    Score
    3/10
    • Target

      EldenRingDXWEB/bin/libharfbuzz-0.dll

    • Size

      1.1MB

    • MD5

      0f8da7e028059afc2c353efcf20b8260

    • SHA1

      61f515d71b9a669bdf8fb2e5ca1d1c6d98ab548b

    • SHA256

      7eda2fbda38e296895251f750dbd829ab5b742bd691b442efe5ed49657a44b75

    • SHA512

      b745b0a5a59d1010b6bdb9f95389a65436de9969acb2bd80f82dd5d18db7085812c4c22aab171632a9b9c973777faa20b7571a44663745babeae41396e8e65ea

    • SSDEEP

      24576:xb6Xr7WgAFLrm2ibRN59KKM/+7/Z7TGZUu35O8dx0FUG:xWXEprm2SBFam/4ZUu35AU

    Score
    3/10
    • Target

      EldenRingDXWEB/bin/libswscale-5.dll

    • Size

      1017KB

    • MD5

      4bb50038bf248cdbfb809d8fe1907c9d

    • SHA1

      33c96a5a65ff3a0cfef2cef9a959763dab3d2780

    • SHA256

      25749f1fbd0d7805ba66a4f07c72729de8ff22bcd32242fe1db2889b972b5978

    • SHA512

      ec8765c4314cf28a0f3104d20cdc58dcf5ce43e3b9e6a5e7247e0ccafe0c0fa1a891226d240bf00ad38bfd1a45b8d89592ec353afad13bfddbaba368343cc6d0

    • SSDEEP

      12288:o+okcbiVCWsfCfICQaRCJua9jmG/zDvCNZYTAedYMHLEDZ/pa0L2zRbhAvJPz2Ij:onkcbLAvZz25KgXgbVBqbOa+R

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
3/10

behavioral1

redline, discovery, infostealer
Score
10/10

behavioral2

redline, discovery, infostealer
Score
10/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

discovery
Score
3/10

behavioral6

discovery
Score
3/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

redline, miner, discovery, infostealer
Score
10/10

behavioral12

redline, miner, discovery, infostealer
Score
10/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

redline, discovery, infostealer
Score
10/10

behavioral22

redline, discovery, infostealer
Score
10/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

discovery
Score
3/10

behavioral26

discovery
Score
3/10

behavioral27

discovery
Score
3/10

behavioral28

discovery
Score
3/10

behavioral29

discovery
Score
3/10

behavioral30

discovery
Score
3/10

behavioral31

discovery
Score
3/10

behavioral32

discovery
Score
3/10