redline

Sharing

Copy URL

Twitter E-mail

General

Target

ScriptHookV_1.0.3351.0 (1).zip
Size

1.6MB
Sample

241126-yrxnxatmcr
MD5

197775071f277d3ad044304008c9e38d
SHA1

8c2885bfefcb5848d27190684f58db98b564b5f1
SHA256

18e39d11238d9ded6a88b808a02ced9247c30071b7acc4217640575901b16cdb
SHA512

2b3babb1e97fab1d01a98d0a213e931a0d1fe4b9a943d02f3c41ee5ca18d146658e1ba30a47c2d0909afdfe4cb7f90d42a7671f44c78eeba20ff1cb9cdb6eca3
SSDEEP

49152:lZwiqP06u0+ogPq2ItzKRyUoGcJgKeSRQMxxZmp44O:lZw503Pq22zgyU9KeSmMxxI44O

Score

10^/10

Malware Config

Targets

- Target
  
  bin/NativeTrainer.asi
- Size
  
  211KB
- MD5
  
  e107b94ae23ec9a56bfa1faaf7118e85
- SHA1
  
  191d9a3a09ee0cfc0754226988c0373a5f074068
- SHA256
  
  f2302573ced45cdaaf190f332deeafd3f32e179d7e9102d939608a9ab774b3cf
- SHA512
  
  86720525ebfa76628a4540a0344de29cf7135ed89dc0c38665fcc2d9ea83c0a2b9341f7d8945e54083317e2dbbb120c68afeb4a7cbbe182db5711c3638d04e90
- SSDEEP
  
  3072:UPjp1DjzsOn9DTtDs5hmmFlPV1GuV1YTrsof+/3YFoYr6SXvfVd5u:UbbD/PFTK3mydcuDa40iYr6SXTo
Score

8^/10

discovery bootkit evasion persistence
- Disables Task Manager via registry modification
  evasion
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2
- Target
  
  bin/ScriptHookV.dll
- Size
  
  1.9MB
- MD5
  
  cd43a2b1ba6045ce5a00b0ad200b422f
- SHA1
  
  c2eab741fbf7b136460f88df03ef5028de415ddc
- SHA256
  
  b67a5ad375150b6d0202694357cf8622accdb4c676be755cb4b0668dd2783f82
- SHA512
  
  5922dba362ea39d863d105e427e430844868a0a25b792339bc0aee6b3ceebb0dae30e9bc36ba9575aef0e639dc4dd22634472ee8ea9e48725505a3a8eda9961f
- SSDEEP
  
  49152:nYI14UpsHf6q+LdoVnZUM4KfeMuIArxxuuuuuuuuuuuuuvMF:Y5U2Hivden8dAArx1
Score

10^/10

discovery redline infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3 behavioral4
- Target
  
  bin/dinput8.dll
- Size
  
  128KB
- MD5
  
  c9b973183908a6631b31ca29f863b4d1
- SHA1
  
  6b32c09f1404be8f9eb21e6c1b8955f4bf00e51d
- SHA256
  
  9fd9e02353b7d39fe07b9667f7ea2697229a7f2d0e7d389eb79eb212b1bb181d
- SHA512
  
  aa63cfba16d5c134b7478fc27b32e4b1e588f5910205e050d94b59a15f95d886ecaa4c2d494c7c3496b2bb8f386e7a540ec999190714b6e048c6bc07d1a43755
- SSDEEP
  
  3072:OBK5kXMCQ9hTn7TYgESRbApwUEfo9c+SJwVvjPIB:8K5kXMl5TYgXR02UWPrJAjPI
Score

7^/10

persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
behavioral5 behavioral6
- Target
  
  readme.txt
- Size
  
  7KB
- MD5
  
  318f1ef802b38cf1941d9c288daf1ebf
- SHA1
  
  6a3f437472f3885014fc8ec295b0002bc2d271a7
- SHA256
  
  44c098c17d2188b965961f9278757632e908b77a112170a4fb8136650db04f61
- SHA512
  
  9a7523ce9a8647f1762f66982d7c5458a117385854830b84cd15ed9e7810650f38e93a77e690f0916e76d4fbf72b398e2775d070e17c85c556ab214144402fd3
- SSDEEP
  
  96:hIKpPMQH9jO1u3Ny9DzQ9Yt/RmAAChL3kUp1Z1D1lNR43ZNKnK4:hIXQH9K1INy9DuYtJBr3bLRLRcfad
Score

1^/10
behavioral7 behavioral8
- Target
  
  www.dev-c.com.url
- Size
  
  42B
- MD5
  
  6d1062a38a2c835b32bb73df4af90fc0
- SHA1
  
  6283703aed023c2a67ca5caa524f352885d0f3f9
- SHA256
  
  8250e69c27be10f67c387b69208c4df4aa7823c487a58abffb18a47c02e5ac58
- SHA512
  
  ae3f4280cc87311f367a9ecfb355024d242de0ed1f4dd0733580d9b3e8d802888b2fa2e7ad867ba9ab398eaeab4bdb8e3bfcb245130470d5f80981c5e796460a
Score

6^/10

discovery evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral10 behavioral9