redline

Sharing

Copy URL

Twitter E-mail

General

Target

BoltChecker(Forntite Checker).rar
Size

25.1MB
Sample

241130-tf15qsslem
MD5

6f0aa33147e0911b885653307d7a0b9b
SHA1

1a072fdd0d795b21686aad44f59db5bb7b5f567d
SHA256

374e047720cd4a08c72dd381e939b27d8915c09f7a09b6a37459e6ffea49938a
SHA512

8ce016a3caa603a8952e1377d39ca86cc6f0ec33ee6f727ece5c0e22b1f360c86eaadfcde13f21b7166c4a912e9f8a2833800bce72e1bd5b8e30b4abdc8be82b
SSDEEP

786432:8sSIukyQR0nJFs8XDvTE4hCdDYMLK0MrjgZH7SB:8sSdkyK0nJFs8TvTECCOWK1rsuB

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

NOu

135.236.153.9:1912

Targets

- Target
  
  BoltChecker(Forntite Checker)/BoltCheckerV2.exe
- Size
  
  17.5MB
- MD5
  
  a650737d924ff2fd21478e4529bb1b08
- SHA1
  
  b4c0b3df300104544e9a1d659e286b0de5650eff
- SHA256
  
  50b5014765d80e10215e4a33df9f6b62cf174503437d7fb1e8efc2f9197b69e1
- SHA512
  
  2c755955e15a3ab3e1d15e06c03ad4157dfbe1bb11fa601499e94a798289b1e66b345753f2d305cb5c2e0abb61bbd6efa8937f66003302fc026ed851f6cfa842
- SSDEEP
  
  393216:JQ782hu7O7vz/61OJLJYU/VmxsYUQll9QyhslLmi4mpNz:+78Mxzz/6UJYwV9YUQlALmQvz
Score

10^/10

redline nou discovery infostealer pyinstaller
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1
- Target
  
  BoltChecker(Forntite Checker)/Compilers/MinGW64/bin/gcc.exe
- Size
  
  789KB
- MD5
  
  43acaac9b437bd941c793ca6d9e776f7
- SHA1
  
  c7de884538ea84e50127331fde9642c4b99fa966
- SHA256
  
  27d8ea1223c1cf411773a39e8ef406d1f1d5d8956a0351ba8c74cc6c87978258
- SHA512
  
  6587acc6c03afdfb7ac5e48f01978832dac491f9cdd86d1bc68f997e85000056cbfe6c27462ec3713c4bfad139f7a4937a0258eed98cede48dddacc2f17cac2d
- SSDEEP
  
  12288:TS1H1JPxbIyLdAKqchyKHxWSwbq7/8c841yZR1af23HPfANwe:TS1rxb/LfvyKHxWSsq7/8c8K0kNwe
Score

3^/10

discovery
behavioral2
- Target
  
  BoltChecker(Forntite Checker)/Compilers/MinGW64/bin/libiconv-2.dll
- Size
  
  912KB
- MD5
  
  661d92527d19257cba74a711bd3a5666
- SHA1
  
  5c02b30aa0facdce317b981eba7a46827942e783
- SHA256
  
  5e3e889409110f7b7c2400f522b31d77b64fb3ab76ccfb9733acde34a07b7ad3
- SHA512
  
  b9a5a59a82abae523db746f48465bdadd655f6553c9dfef92a3b14fd2d561e67c90605ce01210c7476c77ed688e8ef398e25ed5f319492a79cf8284dae8398a8
- SSDEEP
  
  24576:2n+PBAUZLYbB7bbTZpGavkg3NyeuQ6l9fHuf:ZBAUZLYbBRpGaXBuQQ9O
Score

3^/10

discovery
behavioral3
- Target
  
  BoltChecker(Forntite Checker)/Compilers/MinGW64/bin/windres.exe
- Size
  
  1.1MB
- MD5
  
  18cd4a34ca3111b58afd6b45d4c92817
- SHA1
  
  c1e73bf677aa8cec0cf2d11e196cceed24235a31
- SHA256
  
  f245956c930f220f0bedf355a751a5cd738b4ec6bb6c5d584199ab3fa6c0a1c4
- SHA512
  
  088207b82c8523e9c1e12f0d47eea05020ebb03e76306be891ce7c371c2ae0507037697336fc88a25fefa8f451cb83acb1adc6f9d1488917df8291e1f9e7546e
- SSDEEP
  
  24576:p57RBAzPkZ4ITfWJWhQJS8Q2wZua8iU29CmSBsrKbVT32s7NTTx6sO8C5ZuG:DgZxJaK5wZnq2sma2sxTTdRC5b
Score

3^/10

discovery
behavioral4
- Target
  
  BoltChecker(Forntite Checker)/Compilers/MinGW64/libexec/gcc/x86_64-w64-mingw32/4.9.2/cc1.exe
- Size
  
  12.5MB
- MD5
  
  72d8fe1f322d4eadbe4b825d0fbba8e3
- SHA1
  
  14111de0cf33c5608e2d800e96f0bdb8132b7105
- SHA256
  
  6ce68e248fb64e366aaa6a5fe34fbf530299337de34f03d51dac6b59c86b9a0d
- SHA512
  
  5f0e73be9ad6f5661b8a9a276966122c96453f73cf6f2dbbf10ac31eee8888c20217ac0b608f69e8302029352e620036804ee8733a5e5e62a104adad9245ffcb
- SSDEEP
  
  196608:hRehstjis1CX02vdiyLHA/wT47rMR7v37nnds8hWRJsjoPP/HcSOYJfwskFueKy6:BNizBLT3rn8ozo5NZ
Score

3^/10

discovery
behavioral5
- Target
  
  BoltChecker(Forntite Checker)/Compilers/MinGW64/libexec/gcc/x86_64-w64-mingw32/4.9.2/libcloog-isl-3.dll
- Size
  
  118KB
- MD5
  
  301bccd39510e47ba9bcb199c15319f7
- SHA1
  
  a1c0ade259f3c504e0a3d2a06b1f23218f15f0f7
- SHA256
  
  ff6cadf145cd39b19af0b4183eb7c98bbe2e9195d03ded4117be153052ad46bc
- SHA512
  
  2d692d7581ad3dc95c6222b02628dd805748ccaf5276674d5f4633d3cfc64847a6d81b87f9c82a1f866e4a0a3b48493671db4e3caf6d400304eb547c6ead3997
- SSDEEP
  
  3072:xE2cjDBANvFE4em/grHPTZZuoZDuURMF:xnIBQvFMTdZDuURu
Score

3^/10

discovery
behavioral6
- Target
  
  BoltChecker(Forntite Checker)/Compilers/MinGW64/libexec/gcc/x86_64-w64-mingw32/4.9.2/libgmp-3.dll
- Size
  
  416KB
- MD5
  
  fe5c6a36e0a8829823ba55b9d6429521
- SHA1
  
  b0fcdefd0c045c8d5b2bb7e1a95cf6a0938c8b9b
- SHA256
  
  3bd2deaddc781222f78722e1b734a91da27b9f0e679238e624d83015506a2a54
- SHA512
  
  c1134a9e515db42ac062de0a79995a7d5cc44ad67461ba960ef3239c4ce467c10af4c3a5017c0ad75197b82f3f9df53bb975e5af01ef07430e6414d13252c39c
- SSDEEP
  
  12288:V3lXwDJgHnQT177vg8oC1IYrK/j2BUxGtpnmKdl38J:rXw1gHQTt7o8oC1IYrK/jDxor8J
Score

3^/10

discovery
behavioral7
- Target
  
  BoltChecker(Forntite Checker)/Compilers/MinGW64/libexec/gcc/x86_64-w64-mingw32/4.9.2/libiconv-2.dll
- Size
  
  912KB
- MD5
  
  48e2735197d6dcdb9e770de6c9f6da6c
- SHA1
  
  2048bc4f47230541d4c41706ab63e2f2cdd0a178
- SHA256
  
  ba2285e9081fc62a7bf6f6bb3deaef88b43df5312d2aa2c5216ca061e0b3f462
- SHA512
  
  73a15c57cbfe79e69a1361833d667cdea0e12154c7ab79a31519eb507dc145e07bbae320aef62e69f94f4570bbbbfdcd15e345d491448ab54a06b3343455044f
- SSDEEP
  
  24576:Rn+PBAUZLYbB7bbTZpGavkg3NyeuQ6l9fHuf:aBAUZLYbBRpGaXBuQQ9O
Score

3^/10

discovery
behavioral8
- Target
  
  BoltChecker(Forntite Checker)/Compilers/MinGW64/libexec/gcc/x86_64-w64-mingw32/4.9.2/libisl-10.dll
- Size
  
  910KB
- MD5
  
  22ae27db2aa723df78bfb0082c8d655c
- SHA1
  
  13c22b295c23e838fded260d3dd68370f9fead17
- SHA256
  
  1d210067f31ba2d8135416c61805b22fb191add0ab2165e6da4ef549a8fab5fc
- SHA512
  
  04486ed3ce9dab682bf8307391c98c9e191805b777ba9bd490290b9a30bb53aecf8859a918ed6da0f11e52fdeec3012618a77d9895ea59edb847c33685add32c
- SSDEEP
  
  24576:05LiZSaBsEwxc6IhQN/HUq/jA/U99H5E4az3B3ijPBOXGTRkmECMC+:0cZlu4xuM/U99ZeRi0MRXECM
Score

3^/10

discovery
behavioral9
- Target
  
  BoltChecker(Forntite Checker)/Compilers/MinGW64/libexec/gcc/x86_64-w64-mingw32/4.9.2/libmpc-2.dll
- Size
  
  73KB
- MD5
  
  06bd9185c36cf58b25f3cb76eb8cca45
- SHA1
  
  aacb00411e2870f4e21b986bd73bd270f25b4468
- SHA256
  
  615088d6ae8eb77a6cfed97616a76a992843794f67a6d0e2a496dd1298a9b5ad
- SHA512
  
  a3c15d0482545091ca1de236987b12af3db4f81aadd65b306a5d04fd4dcd3f3d11759f9ea247dfeaa8e8675e038ba92cb16d1b549a8c4fc474a8acec900d5af0
- SSDEEP
  
  768:z27NsAbyiGGVuGc0ZVicV7ZPmP5lZidIkOS160/J61SlRuhxHXCZg72mFOrzxWLU:zFA7lT1KidIlKCQgLPsrYFk2trB2D
Score

3^/10

discovery
behavioral10
- Target
  
  BoltChecker(Forntite Checker)/Compilers/MinGW64/libexec/gcc/x86_64-w64-mingw32/4.9.2/libmpfr-1.dll
- Size
  
  323KB
- MD5
  
  5610d32d53b668c95c69b530c2250dd7
- SHA1
  
  bd7e2953c438fd5e8d0a353f7f07685055ba80c9
- SHA256
  
  33180906b102967534f32d640c43b9e4bf7de7c4967368a76349d45e8b490b4a
- SHA512
  
  2cfd8f398b14e76ca051a17fa2366470c2aefe0c0ceebc1b609682f2decd7ee28df13b2a0419eb6258e484d6d549ddb321d11506dc884a254d227d9a439fbfd5
- SSDEEP
  
  6144:0gncQYrc6ylNZcLsND5gs/QXiALiKiliVmTUH6:0gnbQctNZrN1bAtM
Score

3^/10

discovery
behavioral11
- Target
  
  BoltChecker(Forntite Checker)/Compilers/tinycc/include/winapi/mshtml.h
- Size
  
  30KB
- MD5
  
  1b4977437930f654a046b12589a90c47
- SHA1
  
  72dbc4c20c1a82f17e4cc205a30b79ec647edd51
- SHA256
  
  3d46cc9db05a96ce124700d9e9815a56057e75ead2f419ddb7cdc783de756e2b
- SHA512
  
  2b9d400eb7d3b83c6935d333a0a662ca5b1c9244c87ea64bc0650b11d97ca916bc10fc51f99659c4e11de4ac20cffa8ad6683d0e767569f63af983a52434f087
- SSDEEP
  
  192:5wyucJiWX4vynTap4/LM8rWlidgl08pVvucJiWX4vAPIVMRqrvAnir6Qd+nKdfKf:9rYDKdIV
Score

3^/10

execution
behavioral12
- Target
  
  BoltChecker(Forntite Checker)/Compilers/tinycc/lib/bcheck.o
- Size
  
  263KB
- MD5
  
  3f5f911e8247e4bbe9c7be4fbe36ac8e
- SHA1
  
  97f8e07c036582290673a0e922fd0c7ef246d18a
- SHA256
  
  4579a70ff3531ad43f513feda8b71638ab3c89bbcc23f2fb32af6f2f69af93e1
- SHA512
  
  d6c3dd13b42f4d45d68ed3b61b0ffe1b06909c43d4ffb70c35e24fc91e3e2293523165868c4fef9d0c2d536e8d765d5a5dd48b077676e5d17911a6d629777aca
- SSDEEP
  
  6144:Y0Nulcp7m6nQZ+zv1I4WQkd1mogWl2VR:Y0NBpqE1I47kd1moHl2
Score

3^/10
behavioral13
- Target
  
  BoltChecker(Forntite Checker)/Compilers/tinycc/lib/bt-dll.o
- Size
  
  3KB
- MD5
  
  56826fd83ba2bdae1b36b7a441e305b5
- SHA1
  
  0dd3f40d32372c40acc58dc6556e522c0cd6a7be
- SHA256
  
  03ef0f20bae1a16096ef1d92a65060259ca6899308b81ac80039497664a627e7
- SHA512
  
  0e91d099dd4484ab5fb76a3875046af37ff16c2349a3fd1c061400d7904c982395b3ec15896081dc1401596f0d82e457e00fa614b7dfc30e7c2bed4749066683
Score

3^/10
behavioral14
- Target
  
  BoltChecker(Forntite Checker)/Compilers/tinycc/lib/bt-exe.o
- Size
  
  6KB
- MD5
  
  2e95b748fae1b8bf83d476b2bc033757
- SHA1
  
  ff8b3fbf34854e9e828a0ebf1e9c31ea4409e1d6
- SHA256
  
  cf3a5ca28701b695ba3bbe9f5e960e7f79db6446c194acd715305a09add9fe58
- SHA512
  
  400ed8c7dc04010dc92143b453272fd2c750818897bb311e72b061129af8850183414446a37555d35d9467d0fe68c614dc41dadcf9878a6c2267272482a9e33a
- SSDEEP
  
  96:PeDt4wPodUe/35Wx5ne+f1uB/LNCwGrxurBhnDxex:51/5o5e+fu/LNE1urB5Dx
Score

3^/10
behavioral15
- Target
  
  BoltChecker(Forntite Checker)/Compilers/tinycc/lib/bt-log.o
- Size
  
  1024B
- MD5
  
  733579aeacf810a59a8ec20a4f7d5a1e
- SHA1
  
  714675f406098d57ca2326d7753bd86d0103953e
- SHA256
  
  49d9f4d2f239e535581d3d2b3858c47fb2ec88c34a6d441e8c98aeb8f71d1ad9
- SHA512
  
  032a9196cc597c4ecd94e5a9707e2e378e69df152ca924f3897ca2da0c3639569db6157779f22d04c180225cc4f25dc032ae4aa809e97bdb6f55ba68cf1bd150
Score

3^/10
behavioral16
- Target
  
  BoltChecker(Forntite Checker)/Compilers/tinycc/libtcc.dll
- Size
  
  221KB
- MD5
  
  018d32ce36c442b94c89a112282106ba
- SHA1
  
  d64c9b5ade44b0c766790581d31d2925f80c8fe8
- SHA256
  
  5673e555abaf7adc8856c04e2ecb63fee657aca2c1cf538f7bf4ddcfba8b78fd
- SHA512
  
  cc77978a01379cbae0c45447bb8dcbc3bee99d6fce5eecbf0b5128ca965ecc71a1b86f6ec8eef79eeb4b79af1a2f9f436eecbac2ec5880f2c10e3a5cb2cbede7
- SSDEEP
  
  3072:Uo/H0rj173sxwQYsZjqwVFg49F3UaEX6FJtdHUaXnuBRbsWJwPNAzvSEw6/wwRkI:F/H0v1oxw+9bnERbLJeE//wakI
Score

1^/10
behavioral17
- Target
  
  BoltChecker(Forntite Checker)/Compilers/tinycc/tcc.exe
- Size
  
  53KB
- MD5
  
  08c121c2147e21032d5212f3d430660a
- SHA1
  
  e93e7cca5c3ba779a36fb14e5fdb3182d745279a
- SHA256
  
  54f013a8811498a3bd20d8440a497698de96b659930001874f7c7f638f887d1d
- SHA512
  
  7b4eddb5e77d78640b56c4b970f96070bd7ed6d281f9a2d5895e7a1b4361cb5edb027068b087d71363ad617609109e6c42795022ec46b16a48cd2b468f711d27
- SSDEEP
  
  768:S5lhh+VJ2AgP4Z1sFo1DSrsXitHcidyRPDG+VpHVZvnaIOyPCFW:YhCJ2jP4Z+mDS4XoHcidGzp19iGCFW
Score

1^/10
behavioral18
- Target
  
  BoltChecker(Forntite Checker)/Compilers/tinycc/x86_64-win32-tcc.exe
- Size
  
  247KB
- MD5
  
  0317013fd9ea6e7865c09a37a201b183
- SHA1
  
  ffea3f9c19f8ea5f1c54ba9eb624a84dd0f1ae94
- SHA256
  
  8daaad81845f30e6e09615555f96219ce8dbb281c1497a2ccbdad8e42c79b718
- SHA512
  
  da23ad806d71537aa746f990ed36069848fbec64553ee7748b992d38144b5c8fe98a9056bccfacc31981f9d082ebdcedb677fe47a47babd67a8f649a750a2cb4
- SSDEEP
  
  3072:XFD5/M9pRIaD0oEjMCLxeLHjQJPJ2yWPWAAsQfFcGBzn8wEfTEL3QpfbJKJuPfMl:r09ZkJP5WhrELApd3PMM7Cpl
Score

1^/10
behavioral19

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

Redline family

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19