redline | 87a18ffc1761342775bcb5bdbc41c5427e88fa2c3735bdc729fccff9aec0396e | Triage

Resubmissions

26-11-2024 19:55

241126-ym5tqatkbr 10

Sharing

General

Target

Zorara (10) (1).zip
Size

45.6MB
Sample

241126-ym5tqatkbr
MD5

5d726e916affcb53ea32aa735546d26f
SHA1

d12e78895074483ef2e68424f48ff8cbf01b09bd
SHA256

87a18ffc1761342775bcb5bdbc41c5427e88fa2c3735bdc729fccff9aec0396e
SHA512

04fbb730fcfca7c162933564ee404887f7584a795a33e634ef2eebba3834a6fc5ade794d1e07d8b3230eb98e1f368193d4ec9afd25d42dfb324bf74fde1482f4
SSDEEP

786432:YwSP5acPMZWQtciHpcQZ+TRNn2wSv5a3/UmUTYLyapteRjNCpPFOt8bP7JM7yF/2:Yww5lMZWQNmsQ/2wo5kU2yapARQNFw8w

Score

10^/10

redline discovery execution infostealer

Malware Config

Targets

- Target
  
  Guna.UI2.dll
- Size
  
  2.1MB
- MD5
  
  c19e9e6a4bc1b668d19505a0437e7f7e
- SHA1
  
  73be712aef4baa6e9dabfc237b5c039f62a847fa
- SHA256
  
  9ac8b65e5c13292a8e564187c1e7446adc4230228b669383bd7b07035ab99a82
- SHA512
  
  b6cd0af436459f35a97db2d928120c53d3691533b01e4f0e8b382f2bd81d9a9a2c57e5e2aa6ade9d6a1746d5c4b2ef6c88d3a0cf519424b34445d0d30aab61de
- SSDEEP
  
  49152:6QNztBO2+VN7N3HtnPhx70ZO4+CPXOn5PThDH2TBeHjvjiBckYf+Yh/FJ3:6Ahck2z
Score

1^/10
behavioral1 behavioral2
- Target
  
  Magick.NET-Q16-AnyCPU.dll
- Size
  
  884KB
- MD5
  
  fcb90f7285491223171b7c6f39d8e41e
- SHA1
  
  4f6d030cbb11c74142ae70a65844ed9b15fa54a5
- SHA256
  
  8a2f607579cf08a78bb462505a746a7d2ce345224b31987e13636f0481607863
- SHA512
  
  4b3f73d910f398b8391496450f5e341db50f4bb794fb17356ce46ab792ca0a721155695d1ceab42d23b95693a78c431d751f93df3304c3626ba4d4dd84d17f8e
- SSDEEP
  
  12288:bx1anBnIwqZVwhy1VV5P2pyxnM1GNifzZAG9u:uc7P2pyxnMYNqzZc
Score

1^/10
behavioral3 behavioral4
- Target
  
  Magick.NET.Core.dll
- Size
  
  1.5MB
- MD5
  
  724fe6af84116a31a4500a0ba77959e7
- SHA1
  
  6b2bbda89cbe6ae9de1620352709521e7ba39ed1
- SHA256
  
  3ec65591bea756fa0719f8e6378799323b17bf5b2b4cc8f54f6617eb76b19d17
- SHA512
  
  7c1b255b3fcbbbf68e1b2ca9bf5dad14bad253f68ed4488c20d629b81f8b11e3557feaecb559d3467487d19d769a98f22ec5eb46bcc1f42505460ba75274b89a
- SSDEEP
  
  24576:aJVChUunUyeazknKKKKKKn/1SD2OuaACajAyCE7ykral6Sr:aJVCeun9zw1i2yAC+AjENraIo
Score

1^/10
behavioral5 behavioral6
- Target
  
  Magick.Native-Q16-arm64.dll
- Size
  
  21.4MB
- MD5
  
  9c2cebb5ef02cc4b7d5003214a2cee70
- SHA1
  
  075ca36c739a90c0f157546a97b69f0d4a1616a2
- SHA256
  
  d04dc1841fda055713770fb19ba5ddfc0a74f8af691f757d13c97076b0f0b38f
- SHA512
  
  97f04ee8a6f463cf6b290baee916e34b3b41532146c0de73ac5b6ee62827b5ffdba38c6ed19b624db6bbb72b759b4805dfad7f166e1056ced91471ae35807237
- SSDEEP
  
  393216:ndw+dfNgXTEQcs2K9QarsOswIAp0rDSnSrX2JNBNM:JF2DmBwIAp0rDSLE
Score

1^/10
behavioral7 behavioral8
- Target
  
  Magick.Native-Q16-x64.dll
- Size
  
  24.0MB
- MD5
  
  788c7d79e142ffbc14f1c0bd7c15d6c4
- SHA1
  
  2b713c40f23633a226695f8394f66932a1de2c29
- SHA256
  
  7a9c41b8e573694f8009f38c07fecba3fa70295890eccca5ab6c393910a658e8
- SHA512
  
  8c6995bc99523dff60cd1cdd540b836bac47fe3360984569275a092a4899ef585c49ed835dd36a9138fec081f3b3c7743d0c531d2edec9e230cc23277e711376
- SSDEEP
  
  393216:Vmvwo1FoX+a2B3JKWMW9MsURIaKa5zdQ0Onh1JmNQ:VKDoN2Jf
Score

1^/10
behavioral10 behavioral9
- Target
  
  Magick.Native-Q16-x86.dll
- Size
  
  20.4MB
- MD5
  
  9925e3e2f9315572c89c3e373291bcee
- SHA1
  
  97cfc95df4a9dffba8c50c543c2e16b8d35bc250
- SHA256
  
  87e6cde832bf59784c51c1a926e9f6f74c3e4cc2b8395f6166409ceb35e7780b
- SHA512
  
  e85da9a49001863db987a289e57316fb2f172a3d0e9be2958e15fff6cd5ca69d948b4edd612665603eeee1573caed2d11f56dade1e598801b59c8b8759187ca1
- SSDEEP
  
  196608:t51olvoQLUlzsyLfiDR/yUKFhK5CF1Hqwm1LEOlygKgnKgjd7e+oGQbvNwY:avSLaR/y6um+eyyrjde+1ENwY
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Microsoft.Web.WebView2.Core.dll
- Size
  
  793KB
- MD5
  
  092f6edfef691e68a0d90821da54d7cd
- SHA1
  
  935661fbda5af6d7418b1357e2cecea3173a42d8
- SHA256
  
  8f3886a50c398be2a202912c93cfd7c0ef7028e0bbcbe69c303bad44239099d1
- SHA512
  
  ba91454eeb5b75ecedc4f9f421c40900499df2d65e35f1e5e6635b23d43ae71247e587893b1e8f2f4266c0f7eea8d10c2556d42954e7db978872c10864a50483
- SSDEEP
  
  12288:UWEYKTpGWaCUrBt5IE3zFI26JQr+iA81hKmYYDnMiRFXTSONZvZMwDAeA+igcmKu:nE5MLvL
Score

1^/10
behavioral13 behavioral14
- Target
  
  Microsoft.Web.WebView2.WinForms.dll
- Size
  
  37KB
- MD5
  
  2ee1f3ef07d12f0f0433927a3d33f7d0
- SHA1
  
  d2215cf3e0daf99d9b77db487e0ff0de9a8bfd2d
- SHA256
  
  49cc6f438ca9550e6f06252f1949bd886374f3be70f7e74f8f7fa443cde8ad87
- SHA512
  
  58291abd71ff33b139e8b20898e5a180b1d963b68f8acbd8e46deb79ed8fb45b07805982456143f3c4cf3680bd6fb6f364805472cdcf8946af392a25609eff9f
- SSDEEP
  
  768:JJpRNRbnIfWuxCRfXikLQYZDgcEST3p4Jjrjh2jeFSUyauTv1JKia5/Zi/WG4KgN:z1R+0ikQYZDgcEST3p4JjrjaeFSUyauO
Score

10^/10

redline discovery infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
behavioral15 behavioral16
- Target
  
  Microsoft.Web.WebView2.Wpf.dll
- Size
  
  80KB
- MD5
  
  b7943911ea67094d4fdc5bad7d48541d
- SHA1
  
  3d5527b3842ddce95dedbe731673ea6797654229
- SHA256
  
  becdeee0a3499b2114c9359a16f325135450003a8a8e3ffd28d204f6ddab2d59
- SHA512
  
  b4e59d3272a5ce2787daf5a8c28d44e188958cdaf083d5828bd6e1330a0044067a522079a30ebd5ce9ccae676b51ef2b2669fcd8baa05fceb3a9673ac7461022
- SSDEEP
  
  1536:Glz9veaOXft6NCAwpUMTha87Y1DHfFWyEb30mpc4Jjr4YeUq+HhxU0udwzvUuokO:Kxsl6NHJMVa8+DHfFC30mpc4Jjr4YeUs
Score

1^/10
behavioral17 behavioral18
- Target
  
  Monaco/Monaco.html
- Size
  
  11KB
- MD5
  
  db7e3a690203460cbb24153600279035
- SHA1
  
  03d96054c113d17fe9567611d126c152850ba6ed
- SHA256
  
  43ee73754c536a8c72ec880e83edcbe2265ab7a7c9f160abf81c0c4db151c1aa
- SHA512
  
  9b9dc12919ba9afc5146959b8a9335db8e8070b497678681214af00e69f4217c2257fdc722dbca063a5a51dd31dcdd666289b21919511de05faee4e37240c1d8
- SSDEEP
  
  192:o1pbX0ggAbOmaW4Qv2OjLN3V1VFDwFgBsK4u24FzG:Q0ggAbOmSbYpV1VRwFgBs9SS
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  Monaco/vs/base/worker/workerMain.js
- Size
  
  174KB
- MD5
  
  9ce9e46b6d66d8b2dbcabba577cad2ed
- SHA1
  
  397b0e9e7b2bee37a8444e84bb9788a0bdcb023e
- SHA256
  
  19b566655d73370a820a7d6fffe7af03dba3af4997016c0983be5bd188603ec2
- SHA512
  
  f322ea669fa81397066edef062721ae3dd515b3d61c4ad7bef0db0eb3a53f056da298fd4f761bd3e5d613e6f5803a7c35ed056085ac3b97e06c7bfd47fffad49
- SSDEEP
  
  1536:mi5eQeCEwCP1m9JXKmA1xKzyOQJf9X2K7eM9bWXsUK5QSkSoIMQwr+ZjtQYyeTMO:mHTdkKmA1yyOQJl2K7ns6dZ/RVaNzY
Score

3^/10

execution
behavioral21 behavioral22
- Target
  
  Monaco/vs/basic-languages/lua/autocompletes.js
- Size
  
  2KB
- MD5
  
  eb6fde8de905af68c855a2506c8a8204
- SHA1
  
  32b172578f398151be79f78bdeb15eeff4a83020
- SHA256
  
  1fbe4337327ef99c9caba74678cfff28652606fd667dbca34f12e809738010d9
- SHA512
  
  6e95ecdfbabf20c2e717006ea00fa92d79e577cf262460cef7f3db7bb4fa87585bed99b6a1bd1d865c5e5184044b0244aa0823580c9444b1f2ff013057f54235
Score

3^/10

execution
behavioral23 behavioral24
- Target
  
  Monaco/vs/basic-languages/lua/autocompletes/base.js
- Size
  
  521B
- MD5
  
  29e50887a6f1c445e0f63bed73eefb83
- SHA1
  
  b8e006b9ad14bb6012497e164d9a4f926e2d568d
- SHA256
  
  9a6c60193eb2dda7c2682bf9c7ff7e01b0f6000d70881583f0055782c8b2c619
- SHA512
  
  16cc7fd8b5641d347a6a9e8542a6ab29d71a432dfb2f72dae05b21b274d92208ec7c5a9ad1ba313658f3a68aebd9edc3d0bcbf07a03d0f16eae95568f175dbf4
Score

3^/10

execution
behavioral25 behavioral26
- Target
  
  Monaco/vs/basic-languages/lua/autocompletes/classes.js
- Size
  
  33KB
- MD5
  
  fabe9b3ec7774eb374f18709ab41c8c0
- SHA1
  
  de6c19413ef008000357bccea90faf0d23ccf605
- SHA256
  
  75418233aff9a1401f6c467f8ca20999803436bc1ebb463123d1fb94dcff1f38
- SHA512
  
  d7b4a9dbfab0ec55e27b2ded86066b37ebea7d50b3b6b28f44c996f8280463176f1107c6bf15a52fb700f88ac3e0e7b87fb8a50664da9b31fc0e89a38d2055e9
- SSDEEP
  
  768:EDVdzN+yYumzw/Wx5nYCH0e2zBsGMPv3lHhj4MyjKG9jn9/j7NFvHR0hT/YEkd3M:H6/W3YCUpqUDW
Score

3^/10

execution
behavioral27 behavioral28
- Target
  
  Monaco/vs/basic-languages/lua/autocompletes/classes/DataModel.js
- Size
  
  11KB
- MD5
  
  287b74a1ea581434cca8f9009f1489f2
- SHA1
  
  877544929146171e416cc8fb33b0e7e49845df3d
- SHA256
  
  ce2e06aaa97355c4f68a0793c41d4e068b3e1a225f5376d9dd3f4016e0441c7a
- SHA512
  
  4cd7b324ccde3fbca94ab948c4d831655125d6d4e2b237291b8e68f172cb375002c7ccdc49c3cfcf4ab6b7d65850d1a40bcc3f9979498eec697bae43dec7b54f
- SSDEEP
  
  192:AJCfeXBM5iG6zUMmY7QMlr4qLYFQjG6AcE103aNd9xZAqGQ2qFARewPxHFTX0:9feXB2iG6zUMmY7QM54qLYFQjG6AcE1X
Score

3^/10

execution
behavioral29 behavioral30
- Target
  
  Monaco/vs/basic-languages/lua/autocompletes/classes/Enum.js
- Size
  
  594B
- MD5
  
  4d0ec8edaec389b1eba92c1d18676f09
- SHA1
  
  6eafd8ed47700b9a2ff1e10dd7468e50fab1bf6d
- SHA256
  
  9bd9c85c5d1f476e663889ab2008f83b323c8d794abb0df35d43091c689ef64d
- SHA512
  
  d4c7655d7db8d4f7d4bb2d0add36bef916caf291b2855785685a3e812279369848ce081ac6fb5cc869fb827653a4a1f874273af17bee67987e3c3a441ad368e8
Score

3^/10

execution
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

redlinediscoveryinfostealer

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32