redline | 97c05247d54a2939e9744b71a2a937a66a279518455abb50989380558dbe94fb

Sharing

Copy URL

Twitter E-mail

General

Target

redlinestealler2020.rar
Size

2.1MB
Sample

241207-tbgwaswpew
MD5

65f91d3c7fe04822bcdf957b4bafd29c
SHA1

5d13f4d7e7bc71616e0ca41008bf69b29da889d8
SHA256

97c05247d54a2939e9744b71a2a937a66a279518455abb50989380558dbe94fb
SHA512

0eb9c488fd3214a287e49d1c190ba60107e7c1decb0671259366d9193f6ef10f4948b42c60b6d9bba908323337e73bfd543cd5320e28c023dd581aae6182912c
SSDEEP

49152:xsfWQqO5YVqKSP13XKjzvv/5B+gehyl30ynqkwAUgs:xsfRqO5GSPdXKjb//+o31wAVs

Score

10^/10

Malware Config

Targets

- Target
  
  Libraries/Bunifu_UI_v1.52.dll
- Size
  
  219KB
- MD5
  
  5eca94d909f1ba4c5f3e35ac65a49076
- SHA1
  
  3b9cb69510887117844464a2cc711c06f2c3bd19
- SHA256
  
  de0e530d46c803d85b8aeb6d18816f1b09cb3dafefb5e19fdfa15c9f41e0f474
- SHA512
  
  257a33c748dfb617a7e2892310132fd4abf4384fb09c93a8ac3f609fd91353a4f3e326124ecc63b6041ac87cf4fcc17a8bdca312e0c851acd9c7a182247066ea
- SSDEEP
  
  6144:o1uzZh5rYAuBjtnkbxuzZ7Mg3i3hJtm4Fw2hHQHcHKaPUb:Ku1higb4zZR+9mcHX
Score

1^/10
behavioral1 behavioral2
- Target
  
  Libraries/GuiLib.dll
- Size
  
  50KB
- MD5
  
  eaf9c55793cd26f133708714ed3a5397
- SHA1
  
  1818aa718498f0810199eca2b91db300dc24f902
- SHA256
  
  87cfc70bec2d2a37bcd5d46f9e6f0051f82e015ff96e8f2bc2d81b85f2632f15
- SHA512
  
  b793ae1155bd7be247b42c0fc1bc53e34cf69e802c0e365427322dac4b5cc68728d24255a717aaffa774b4551a6946c17106387cff4cfdb6ce638d8a4ecab4d9
- SSDEEP
  
  768:CXBWBHqfkC/Wcd1V4+8dUQeEqUNVugMP26lunzWWeddVV:CXiWJ16+8dxeAVuAWWed9
Score

1^/10
behavioral3 behavioral4
- Target
  
  Libraries/MetroSet UI.dll
- Size
  
  436KB
- MD5
  
  f13dc3cffef729d26c4da102674561cf
- SHA1
  
  5f9abff0bdf305e33b578c22dada5c87b2f6f39c
- SHA256
  
  d490c04e6e89462fd46099d3454985f319f57032176c67403b3b92c86ca58bcb
- SHA512
  
  aa8699c5f608a10a577cb23715f761ee28922c4778f5ea8a5ec0a184e1143689fba5a08003fd5cbf3c7dd516eac1fddc8c3f9efa1d993ba1888e87b70190c08f
- SSDEEP
  
  12288:oE4n7EmAqNv8MkCvzMTlCPRSoWzz7QYaIHtMhPrYDK:oE4n7xAqN0MkCvzMTlCEoDYFH2eDK
Score

1^/10
behavioral5 behavioral6
- Target
  
  Libraries/Mono.Cecil.Mdb.dll
- Size
  
  42KB
- MD5
  
  dc80f588f513d998a5df1ca415edb700
- SHA1
  
  e2f0032798129e461f0d2494ae14ea7a4f106467
- SHA256
  
  90cfc73befd43fc3fd876e23dcc3f5ce6e9d21d396bbb346513302e2215db8c9
- SHA512
  
  1b3e57fbc10f109a43e229b5010d348e2786e12ddf48a757da771c97508f8f3891be3118ff3bb84c3fd6bfa1723c670541667cdbf2d14ea63243f6def8f038cc
- SSDEEP
  
  768:Cr5EYZep98C87KHeBUZwrEF7b+gxfM3AkMus4iWJq9F4CRIcZwMRTIzyAt9U2:Cr59g98C87KHeBUbwgKirbdwMRTzAt9l
Score

1^/10
behavioral7 behavioral8
- Target
  
  Libraries/Mono.Cecil.Pdb.dll
- Size
  
  87KB
- MD5
  
  6cd3ed3db95d4671b866411db4950853
- SHA1
  
  528b69c35a5e36cc8d747965c9e5ea0dc40323b8
- SHA256
  
  d67ebd49241041e6b6191703a90d89e68d4465adce02c595218b867df34581a3
- SHA512
  
  e8ae4caf214997cc440e684a963727934741fd616a073365fa1fc213c5ca336c12e117d7fa0d6643600a820297fc11a21e4ac3c11613fba612b90ebd5fc4c07e
- SSDEEP
  
  1536:fU2qJ+RazRt/Kc4oJiOxFR4NdJF0/RfhF46HAoYKHgPzpS6w7fa1C9r:s2MRtrfrR+Pe/xAiAzpQ7y1C9r
Score

1^/10
behavioral10 behavioral9
- Target
  
  Libraries/Mono.Cecil.Rocks.dll
- Size
  
  27KB
- MD5
  
  c8f36848ce8f13084b355c934fc91746
- SHA1
  
  8f60c2fd1f6f5b5f365500b2749dca8c845f827a
- SHA256
  
  a08c040912df2a3c823ade85d62239d56abaa8f788a2684fb9d33961922687c7
- SHA512
  
  7c47f96e0e7dfaebb4dccf99fa0dda64c608634e2521798fd0d4c74eb2641c848fadad29c2cd26eb9b45acdfef791752959117a59e1f0913f9092e4662075115
- SSDEEP
  
  384:E0ve8JOuJTiC7n2NwxEXCnjB+RXcMeDz8PmR1ugLoaeuLMBG9UphJAprjEduFLHJ:E+meiCyrXOwS8uRssveum1peFLHFBbO
Score

1^/10
behavioral11 behavioral12
- Target
  
  Libraries/Mono.Cecil.dll
- Size
  
  337KB
- MD5
  
  7546acebc5a5213dee2a5ed18d7ebc6c
- SHA1
  
  b964d242c0778485322ccb3a3b7c25569c0718b7
- SHA256
  
  7744c9c84c28033bc3606f4dfce2adcd6f632e2be7827893c3e2257100f1cf9e
- SHA512
  
  30b3a001550dca88c8effc9e8107442560ee1f42e3d2f354cc2813ae9030bf872c76dc211fd12778385387be5937e9bf172ea00c151cab0bca77c8aafdd11f7d
- SSDEEP
  
  6144:jFzzF5VOCxfiKKhsw4NiL0XRzx9WoCklyus:BdfiKI4RzWSyu
Score

1^/10
behavioral13 behavioral14
- Target
  
  Libraries/Newtonsoft.Json.dll
- Size
  
  683KB
- MD5
  
  6815034209687816d8cf401877ec8133
- SHA1
  
  1248142eb45eed3beb0d9a2d3b8bed5fe2569b10
- SHA256
  
  7f912b28a07c226e0be3acfb2f57f050538aba0100fa1f0bf2c39f1a1f1da814
- SHA512
  
  3398094ce429ab5dcdecf2ad04803230669bb4accaef7083992e9b87afac55841ba8def2a5168358bd17e60799e55d076b0e5ca44c86b9e6c91150d3dc37c721
- SSDEEP
  
  12288:Lf9WGsSVSM2mxL2nRiOr8gUckc6V/g2GhBzj05cH:7XNL2PVh6B+Bzjmc
Score

1^/10
behavioral15 behavioral16
- Target
  
  Libraries/RedLine.SharedModels.dll
- Size
  
  29KB
- MD5
  
  bee2969583715bfa584d073ac8d98c42
- SHA1
  
  37d1221ce6bb82e7ad08fd22bd13592815a23468
- SHA256
  
  5f92db78e43986f063632fb2cfafdce73e5e7e64979900783ca9a00016933375
- SHA512
  
  5c139b81a51477d8362be2bf72b9f2425d54ef67b4ad715fbe8aa11f8a57435abb7f23a7ecaee18611e559d1006c0df5dd3427b6e7c3caed38d8cffd79e4bb1c
- SSDEEP
  
  768:OqYS91uYM7KwU+QJDqnCz2iiMkM16dTS:OqYSqfOwTgDqnLZMn16NS
Score

1^/10
behavioral17 behavioral18
- Target
  
  Libraries/System.Drawing.Pen.dll
- Size
  
  2.7MB
- MD5
  
  1d4e91345a76c90e0849c9389e66fe8c
- SHA1
  
  744393f64d9f95a987605ac14b721dbbc985901c
- SHA256
  
  1d820d1c1e9d661603cd32177fb128c9a6844fe2492b6fbb3120bd37553663b0
- SHA512
  
  e0c5fa5c9141e139d529b80058c1ff8fb252116076c57fbea106ee2500cb23d3a91b76f6348bc0bcf465acde510463352a960eefd29198f4068661342cbd28b8
- SSDEEP
  
  3072:tblKLY+hugA/JMGI+3TBb3K65tKMFL6uOqKXyeHD3Q6b7cvWUevzml01xvS0yiEt:t
Score

1^/10
behavioral19 behavioral20
- Target
  
  Libraries/Vestris.ResourceLib.dll
- Size
  
  76KB
- MD5
  
  944ce5123c94c66a50376e7b37e3a6a6
- SHA1
  
  a1936ac79c987a5ba47ca3d023f740401f73529b
- SHA256
  
  7da3f0e77c4dddc82df7c16c8c781fade599b7c91e3d32eefbce215b8f06b12a
- SHA512
  
  4c034ff51cc01567f3cb0796575528ca44623b864eb606266bcf955a9259ed26b20bec0086d79038158d3a5af2ada0a90f59d7c6aae9e545294fe77825dbe08b
- SSDEEP
  
  1536:CSSYikTF0Z+sFGu11tIcyI1MtI9eDG3fL7:CJYD0Z9FGu11teI1r9ea3
Score

1^/10
behavioral21 behavioral22
- Target
  
  Libraries/builder.exe
- Size
  
  668KB
- MD5
  
  628f7b5ea6bdab4fce2f684e925a6c58
- SHA1
  
  af4f1efc095641ca6aa1b104346364c95c454dd0
- SHA256
  
  6fb8a784ea49e2dfedad52a6f381c5936107cbafaef16d92361fb50ad7e13295
- SHA512
  
  45b2accb11b1da8337a88a1546043405a02599220d4731e15641f5c18ba622ddf5e306a8eaa286d429d1d7baa79e0af9f5fba50f65f0fa31266f518e241ec595
- SSDEEP
  
  12288:MXes/7Zk2HDnVn6eexZggOZDwV9KOZxOy+h5KBsMRkM4zXywybl95P:022HUbOZtpKJt
Score

3^/10

discovery
behavioral23 behavioral24
- Target
  
  Libraries/protobuf-net.dll
- Size
  
  274KB
- MD5
  
  d16fffeb71891071c1c5d9096ba03971
- SHA1
  
  24c2c7a0d6c9918f037393c2a17e28a49d340df1
- SHA256
  
  141b235af8ebf25d5841edee29e2dcf6297b8292a869b3966c282da960cbd14d
- SHA512
  
  27fb5b77fcadbe7bd1af51f7f40d333cd12de65de12e67aaea4e5f6c0ac2a62ee65bdafb1dbc4e3c0a0b9a667b056c4c7d984b4eb1bf4b60d088848b2818d87a
- SSDEEP
  
  6144:M+mGOqp3p9xOhav/ZcaiysIN5UGr8fnd0OJNGyo:JOqp3bkhUZcbyP51rACGNGyo
Score

1^/10
behavioral25 behavioral26
- Target
  
  OpenPort.bat
- Size
  
  94B
- MD5
  
  cf1cc90281e28cee22dce7ed013c2678
- SHA1
  
  2f213a71b76db3e51ad2d659f84dc1f3f90725fb
- SHA256
  
  84399f8bccefa404e156a5351b1de75a2d5290b4fddd1754efb16401ed7218ef
- SHA512
  
  2b61c1da7cc66506537719cedab82f172d2ac1af4df69513ba64507a5ed67989974f81791faf08c5855580df53f564600381be34c340b825f1f01919948921e1
Score

8^/10

evasion persistence privilege_escalation
- Modifies Windows Firewall
  evasion
behavioral27 behavioral28
- Target
  
  RedLine.MainPanel-cracked.exe
- Size
  
  668KB
- MD5
  
  628f7b5ea6bdab4fce2f684e925a6c58
- SHA1
  
  af4f1efc095641ca6aa1b104346364c95c454dd0
- SHA256
  
  6fb8a784ea49e2dfedad52a6f381c5936107cbafaef16d92361fb50ad7e13295
- SHA512
  
  45b2accb11b1da8337a88a1546043405a02599220d4731e15641f5c18ba622ddf5e306a8eaa286d429d1d7baa79e0af9f5fba50f65f0fa31266f518e241ec595
- SSDEEP
  
  12288:MXes/7Zk2HDnVn6eexZggOZDwV9KOZxOy+h5KBsMRkM4zXywybl95P:022HUbOZtpKJt
Score

3^/10

discovery
behavioral29 behavioral30

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Modifies Windows Firewall

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30