General

  • Target

    Redline_Stealer_v30.32.rar

  • Size

    35.9MB

  • Sample

    241218-lk1qrstkcs

  • MD5

    83b7d7b372b0301530afa139e0ea789e

  • SHA1

    2a70ea95310abe1cf460bbc9d24d1f559f9e5427

  • SHA256

    f769860a072bb26c3b311405c9549264362927ed2062553568261cbe3ae601f5

  • SHA512

    ed915cc76f34ff41067fb432b87f9d6f31237d665aeb8c24d38d429e97cdaca06657278425713a0ef14ad284cf649efe13e9fa1d9dfe208f44aea179ac37ca17

  • SSDEEP

    786432:FGr+WC2v+ET23NUNjL/T+Z78LfNMpW3W++f1:4rv+EIUNjogNwW3W++f1

Score
10/10

Targets

    • Target

      Redline Stealer v30.32/Panel/Bunifu_UI_v1.52.dll

    • Size

      219KB

    • MD5

      5eca94d909f1ba4c5f3e35ac65a49076

    • SHA1

      3b9cb69510887117844464a2cc711c06f2c3bd19

    • SHA256

      de0e530d46c803d85b8aeb6d18816f1b09cb3dafefb5e19fdfa15c9f41e0f474

    • SHA512

      257a33c748dfb617a7e2892310132fd4abf4384fb09c93a8ac3f609fd91353a4f3e326124ecc63b6041ac87cf4fcc17a8bdca312e0c851acd9c7a182247066ea

    • SSDEEP

      6144:o1uzZh5rYAuBjtnkbxuzZ7Mg3i3hJtm4Fw2hHQHcHKaPUb:Ku1higb4zZR+9mcHX

    Score
    1/10

    • Target

      Redline Stealer v30.32/Panel/Common.Logging.dll

    • Size

      53KB

    • MD5

      5193ac7470f5cd288cadf0fce4ea59a9

    • SHA1

      b78f0ee86edd04a5c1709c494cb55a99d6f852e8

    • SHA256

      cb2540e1087935ba8e859832bebc1e70985fa01de26344a86a7bacf9cdfd19c5

    • SHA512

      20bdd0ff66d3dc49a9d0634e916bb6bf00fef600c0aa35956bcf8609b159332f53bfc23cd9794022352b6679c24dd0c4029b9c7d58636de054316a5afe4a88b1

    • SSDEEP

      768:vwVPM/z+bsVvMq55kjb7Ar+n4KNmQ8MtJLr51:KZsS+5k/7G+wQ9tJLr51

    Score
    1/10

    • Target

      Redline Stealer v30.32/Panel/GuiLib.dll

    • Size

      50KB

    • MD5

      42d66964ee6b3aa7710f07803f2e9565

    • SHA1

      1af7fdf8b45f0003810c3b0c13e982c5c865d557

    • SHA256

      05e0e8394154edf4366d6af144934a7014a0ad06f571dfd1e132d7099c8118e9

    • SHA512

      311cd9febd10db76e101a059410ddc4af35916ac88dda0719dd5e4f2473bcc8485161da576f9512f73716258e19f53b61515875ad0c590d1c8854ccfb525d8eb

    • SSDEEP

      768:pXBWBHqfkC/Wcd1V4+8dUQeEqUNVugUP26lunfWWeddVm:pXiWJ16+8dxeAVuwWWede

    Score
    1/10

    • Target

      Redline Stealer v30.32/Panel/IPLocator.dll

    • Size

      34KB

    • MD5

      c8b0ac355a4eccd2390775fd4f2f72bc

    • SHA1

      a56a296cf3a9b82a02db244a4112954b2f79f59e

    • SHA256

      0d1dc8a4030f457fd6323b3646f1ad8e062e2afb17845a6ffa29795dc618bb4d

    • SHA512

      73e5dc0f863ce8f17bdc9166cdae0b35f115c1f4cc247be0c07d8dd2e8dba19c24827ce1989136247732cd28380b89eb843d736f67f93304bce7adf546558621

    • SSDEEP

      768:cqLW5vmCg+LWsFma0oqipv6iGl4A+wwZbgcLTnEeZAyYrdRA8/GRrN:cqLWpjWsFRtTpZzA+BgyTEeiTh2

    Score
    1/10

    • Target

      Redline Stealer v30.32/Panel/MetroSet UI.dll

    • Size

      436KB

    • MD5

      5aeea45913eb8475077a9547d7d3f2f3

    • SHA1

      09931075a4fdffe7b051df6d3bc5b4a0bacdf019

    • SHA256

      ef2a67849fbe0f1c99263bf0acfddf15a1b3668e49fd9d35868e147d8a4c8c73

    • SHA512

      3f3ba1d117784aca8d6abfe84e9275da425fd23982aa1ce9af760a9e5d7cd5e9dc2e36a36cc6e190cb91e8b2c8888881cfd8feeb85c3249185d61273a1a1e0ff

    • SSDEEP

      12288:EE4n7EmAqNv8MkCvzMTlCPRSoWzz7QYaIHUMhPrYDK:EE4n7xAqN0MkCvzMTlCEoDYFHZeDK

    Score
    1/10

    • Target

      Redline Stealer v30.32/Panel/Microsoft.Bcl.AsyncInterfaces.dll

    • Size

      26KB

    • MD5

      970b6e6478ae3ab699f277d77de0cd19

    • SHA1

      5475cb28998d419b4714343ffa9511ff46322ac2

    • SHA256

      5dc372a10f345b1f00ec6a8fa1a2ce569f7e5d63e4f1f8631be367e46bfa34f4

    • SHA512

      f3ad2088c5d3fcb770c6d8212650eed95507e107a34f9468ca9db99defd8838443a95e0b59a5a6cb65a18ebbc529110c5348513a321b44223f537096c6d7d6e0

    • SSDEEP

      768:DulwnBhYlTVv2wK5idcgF4of1n6K9zUYJ:ywHYFtKYdcg/f1nXzUYJ

    Score
    1/10

    • Target

      Redline Stealer v30.32/Panel/NHttp.dll

    • Size

      57KB

    • MD5

      119a2ff3c42750b76773505f237e47e6

    • SHA1

      f49951c8aacece37d820c51919c44f77d3e56a9d

    • SHA256

      c0433ee6583ccda71b3b59593b21242dfa62c0212f71fd78b4349728863e89f1

    • SHA512

      2d12f462121c5e473898a33feafc185a63161eea1128940d9a7bc2ce33ddd7bf3bdc93a6d81d46060084a4fb619d75ff858fc5689443e15328b178b37432c4a9

    • SSDEEP

      768:gMmEsXlFXebhEuWvbeS5CByD1G9lJ843s6oDuFYJKdMk3ys6VJBaJ1+VKK:gdE2AuC4SKG9lJdBoOdZ3YVJBaXcKK

    Score
    1/10

    • Target

      Redline Stealer v30.32/Panel/Newtonsoft.Json.Schema.dll

    • Size

      208KB

    • MD5

      260a18bcc6d697d5c9f42299f2f34195

    • SHA1

      de566fe1aa6d98310ddfa9d0773d1bdf47675c37

    • SHA256

      b3cc57a64a89017c294927d93a24d10e5863287cdf32bd0f173386d3caebf5a8

    • SHA512

      0451e2027ce21d1e7ed5267917b49c27f1e264ef58512d489da5d4359b62ceb7971ab2adec569a0626d9bcdeeae1f1f4744b5d0c8e1158a2af70c1e03d2cae29

    • SSDEEP

      6144:PvT7+4dA4e7+wnOwCRv7S8sjs4pcw0KZ:nT7+4u4e7hOwvs4p

    Score
    1/10

    • Target

      Redline Stealer v30.32/Panel/Newtonsoft.Json.dll

    • Size

      683KB

    • MD5

      6815034209687816d8cf401877ec8133

    • SHA1

      1248142eb45eed3beb0d9a2d3b8bed5fe2569b10

    • SHA256

      7f912b28a07c226e0be3acfb2f57f050538aba0100fa1f0bf2c39f1a1f1da814

    • SHA512

      3398094ce429ab5dcdecf2ad04803230669bb4accaef7083992e9b87afac55841ba8def2a5168358bd17e60799e55d076b0e5ca44c86b9e6c91150d3dc37c721

    • SSDEEP

      12288:Lf9WGsSVSM2mxL2nRiOr8gUckc6V/g2GhBzj05cH:7XNL2PVh6B+Bzjmc

    Score
    1/10

    • Target

      Redline Stealer v30.32/Panel/Panel.exe

    • Size

      12.1MB

    • MD5

      85afedf22ca7d0561be4443e854459a7

    • SHA1

      1fec08de68672a302f0df40ff30b22cee4d18057

    • SHA256

      130a2379f8f07cec2cd9935bdf67bfcfbb977327f89f017dc16f19efc871d864

    • SHA512

      e5229c4e67bc7d4ef8b53c94cfd017833797ecb52a93d71e9770ae50aaaa8e3e6c9b6433389f85255c2fe92bf94bdf1f6d1c49a01ac0809d7c8ccdb8c07dce03

    • SSDEEP

      393216:+A+bVvdvbtsjjBbns3JX08gNghF5tAVsQsaBMvBVvrsV4ojavjdTbvosw+z6VVq1:+A+bVvdvbtsjjBbns3JX08gNghF5tAV8

    Score
    7/10

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Target

      Redline Stealer v30.32/Panel/Pluralsight.Crypto.dll

    • Size

      45KB

    • MD5

      4ae6096005c37982c8b0c7b465d88da5

    • SHA1

      93486afd78d1dba82722bee3ff7661e4740b9f05

    • SHA256

      e3e598d322d72e6b717f6753d02d8f98a5436e884adbc0cc383e7a39a3c35b04

    • SHA512

      86b52ab17120ec7c2941b7598c2b90ed8bce6f4c11a5c3e6e026c60f976ed58b042a8495c16f2a6a4dee8463da788a90ff6008069a133f566862afcc8ab65642

    • SSDEEP

      768:nkwGNy7QxrBNTEpN+efDLMJQWv+3txn29FRTIQNqMQbQLnBYB+0Mp9E+8iROAzN:nkw8KfnMJT+7n2/R0qxrBYU0MQ+8iAA5

    Score
    1/10

    • Target

      Redline Stealer v30.32/Panel/RestSharp.dll

    • Size

      187KB

    • MD5

      6122f53b28d172d5711b79427d89b409

    • SHA1

      6bde48731f89b3bbbde7614898638a4f33121114

    • SHA256

      676e00e8f81b6c25e122277d55a56d28924a4cc304f160ad1dfb803e8d2ea594

    • SHA512

      a9e6d2bd3b62a7b37f7a0aa241f057e8266ed836b3df92ab4dc9d7ae7a9e928bd468d7d8e88e7ba1ca04ca443a0a552ca6419cea69cc3f9b3f2c7e7f7899a4b9

    • SSDEEP

      3072:bcDieefd3nF+GhIVE+mvJOUc6XM42SuYA6qIGqskUi2m7FktfLJ19D:mq9nF+GmVBmQUt2Su2jGqskF

    Score
    1/10

    • Target

      Redline Stealer v30.32/Panel/System.Buffers.dll

    • Size

      20KB

    • MD5

      ecdfe8ede869d2ccc6bf99981ea96400

    • SHA1

      2f410a0396bc148ed533ad49b6415fb58dd4d641

    • SHA256

      accccfbe45d9f08ffeed9916e37b33e98c65be012cfff6e7fa7b67210ce1fefb

    • SHA512

      5fc7fee5c25cb2eee19737068968e00a00961c257271b420f594e5a0da0559502d04ee6ba2d8d2aad77f3769622f6743a5ee8dae23f8f993f33fb09ed8db2741

    • SSDEEP

      384:/rMdp9yXOfPfAxR5zwWvYW8a2cyHRN7vCvlbLg:/rMcXP6N6e

    Score
    1/10

    • Target

      Redline Stealer v30.32/Panel/System.Memory.dll

    • Size

      138KB

    • MD5

      f09441a1ee47fb3e6571a3a448e05baf

    • SHA1

      3c5c5df5f8f8db3f0a35c5ed8d357313a54e3cde

    • SHA256

      bf3fb84664f4097f1a8a9bc71a51dcf8cf1a905d4080a4d290da1730866e856f

    • SHA512

      0199ae0633bccfeaefbb5aed20832a4379c7ad73461d41a9da3d6dc044093cc319670e67c4efbf830308cbd9a48fb40d4a6c7e472dcc42eb745c6ba813e8e7c6

    • SSDEEP

      3072:nUGrszKKLB8a9DvrJeeesIf3amN32AW/rcyw/s:OB8l3/aK32qU

    Score
    1/10

    • Target

      Redline Stealer v30.32/Panel/System.Net.Http.Formatting.dll

    • Size

      174KB

    • MD5

      b676d5e9828d6010339743f236f54ec4

    • SHA1

      0dff461be2e04ebf6da5f4f2d3eb639cc2e0a8b5

    • SHA256

      7b58adc6e23b24cd6615b35e848a002bda053a26d48f9ddafacfc8098e97c49c

    • SHA512

      cca0ed47b391b12f44716db1921314e7dcbf2a9f6b0916c78642b4aa814825c570569b103a7f5e298e9c02dbae22e7cb905f08f80f94ad6dcb69fe09085cd8a8

    • SSDEEP

      3072:BXWun8Jw8fCk/Dvf5eso7DpGbG8pwp2xuRLYs8ZS:BXWu8Jw4L/D3UVVGbGbMS

    Score
    1/10

    • Target

      Redline Stealer v30.32/Panel/System.Numerics.Vectors.dll

    • Size

      113KB

    • MD5

      aaa2cbf14e06e9d3586d8a4ed455db33

    • SHA1

      3d216458740ad5cb05bc5f7c3491cde44a1e5df0

    • SHA256

      1d3ef8698281e7cf7371d1554afef5872b39f96c26da772210a33da041ba1183

    • SHA512

      0b14a039ca67982794a2bb69974ef04a7fbee3686d7364f8f4db70ea6259d29640cbb83d5b544d92fa1d3676c7619cd580ff45671a2bb4753ed8b383597c6da8

    • SSDEEP

      1536:nPOw0SUUKw+GbgjMV+fCY1UiiGZ6qetMXIAMZ2zstK/hV+sUwS:nWw0SUUKBM8aOUiiGw7qa9tK/bJS

    Score
    1/10
