redline

Sharing

Copy URL

Twitter E-mail

General

Target

Bolt-Checker-v1.3.5.zip
Size

15.7MB
Sample

250131-wth77avqdj
MD5

c16b3e9a764266ef68fd5912b2d86c78
SHA1

f1f7ff65aa18ed0089d8f70f3e1e5cdc094f20de
SHA256

b40751a1772758b3f86b29115eba8746825f4d4f1c54d559de2de718ada2917d
SHA512

d6674c6ee2dd5a2779536ece5e3dec4b4a961e11d67dc430e30b36938f190ee58f9368fa7cd78eea79505aac65e7499dc810c7b20150402a5e92ee7f995402d1
SSDEEP

393216:Mqur5cT7omlcYJH0FWuYHEDQn4k6KYeuMUj17N/:2r5u7oxy0F7YkDTk6KMz

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

@Sentak88

45.15.156.167:80

Targets

- Target
  
  Bolt-Checker-v1.3.5.zip
- Size
  
  15.7MB
- MD5
  
  c16b3e9a764266ef68fd5912b2d86c78
- SHA1
  
  f1f7ff65aa18ed0089d8f70f3e1e5cdc094f20de
- SHA256
  
  b40751a1772758b3f86b29115eba8746825f4d4f1c54d559de2de718ada2917d
- SHA512
  
  d6674c6ee2dd5a2779536ece5e3dec4b4a961e11d67dc430e30b36938f190ee58f9368fa7cd78eea79505aac65e7499dc810c7b20150402a5e92ee7f995402d1
- SSDEEP
  
  393216:Mqur5cT7omlcYJH0FWuYHEDQn4k6KYeuMUj17N/:2r5u7oxy0F7YkDTk6KMz
Score

1^/10
behavioral1
- Target
  
  Bolt-Checker.exe
- Size
  
  276KB
- MD5
  
  7d72c4347290b0a3bfceff6622c36156
- SHA1
  
  38990696148cc97fe52b4b21b5bd312e4eace819
- SHA256
  
  9cf9d59687376c77690a82b6bc12c6b6a1b87c6f568467ab9954e4d518ae5d31
- SHA512
  
  f6c2fd26f8009201d7189458ce63bcd89f5ef22a9b24751fc76dba2f1711bd4c43c1a696f84415cea173c5d334aab9bfdefad3daffb507301acc2e08bd5f766b
- SSDEEP
  
  6144:c/hUQZiwn9hvjiaeFHDi+DZUdHDgKhroyYBD086QXhaasQuPbcq7o:nu9nrleFHDHCDro9Dd6S7sQobcq7o
Score

10^/10

redline @sentak88 aspackv2 discovery infostealer pyinstaller
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Redline family
  redline
- Downloads MZ/PE file
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral2
- Target
  
  config\config.yml
- Size
  
  341B
- MD5
  
  7152957cc56a121d5181b83e0fd97ee4
- SHA1
  
  53677851ac778b776b889b203ff1b45efd84e9b5
- SHA256
  
  90e8fde277a013d55b8958a75b251d93815fe87c0e02f53383a3a2ffdfa9f7fd
- SHA512
  
  4bd6dfea165b833f9f50a8da4d729f0a3213b27370b5a03a7edb48bb9cf4b05fe653c34fcfb2ef8f2568985fe7d301cc3def65a729e61a72ee697e93782e9bb8
Score

3^/10
behavioral3
- Target
  
  drivefsext.dll
- Size
  
  1.8MB
- MD5
  
  26f56121184843056f1d6e6db3f9844b
- SHA1
  
  f8d6c767cab3be5e55608cc5abd30a4c383759e9
- SHA256
  
  3ad26e1c16b6f49c6136c0c1c02c5943437349a310a6bcc5a8a0f4924a6f4ae4
- SHA512
  
  13a0898a6780f474ab4ffe8e46ca0227f03f2c4d26daaf4b61862eb7374a65d887b96a8672f21247e7f3aac4c49cce77521dd1564983b52f8716219aff894b9d
- SSDEEP
  
  24576:2m3hIqxIdAtLA0Q9xtPUf0ZOxGI3ffWgR5vuv54Jdhx76g:2gWaW9xthIXWgR5vuv54Jdhx7n
Score

3^/10

discovery
behavioral4
- Target
  
  lib.lib
- Size
  
  13.3MB
- MD5
  
  4ce50cca2848e1dcbf5efccfdaae4ca6
- SHA1
  
  8b0e2bf6fe3aa3144274ee774997204e14562e5b
- SHA256
  
  594c8ed0ce19b92e91bdcf6b93955db04734e3cdf937dc070ae13f210c8ca023
- SHA512
  
  cd76ebb1c38a1b65378820dbd0c3e673b226a126e377a16eeb03fa87a29f3ef1781e264c4d2ca5389518e00d8d5e49ecfb813a1f311290898f4bad590bf5fa35
- SSDEEP
  
  393216:VOT1+TtIiF0Y9Z8D8Ccl6lshCW8SKMMIIht/x:sT1QtILa8DZcIl7W8S4
Score

7^/10
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral5
- Target
  
  boltchecker.pyc
- Size
  
  240KB
- MD5
  
  af467bcd220b1857397beef6ae9e3e50
- SHA1
  
  ebf00134845891f30269ffefc6e0a6bd7a440025
- SHA256
  
  22c0658ad48ddedff6f0a242585a8f504430e97c4bf3ffc6306c402f99ed1c5c
- SHA512
  
  ee193313864341f7ea5b7067fb1934a16c9c34797658886ac66892be267626a6e10c5a1ddee4595b6850b3a45ef01ecb155df54dcf560804a681b72e6f004a5e
- SSDEEP
  
  3072:Fv7zPnzHahF4cpSlTLbd/10w0QeXBBC0LhUWaqDIV:Fv7DMVucxQeXBBC0LhUWaqDk
Score

3^/10
behavioral6
- Target
  
  libexec.dll
- Size
  
  275KB
- MD5
  
  b9352fa2d673bf124116ba9e5639956e
- SHA1
  
  f511f3b653fc0a7a3e49d1cc58c21c9a53fcf79b
- SHA256
  
  58a0b8c13f085a3181fecc5d97cdfe5e35892af6b4b31d79657fc88512bb520d
- SHA512
  
  eea7bd7ff2023e2239b6d5a5ba96d4ecdab4217ecdd6f7403947aa09b1dd54db533bde3b8ef2256cdb720086754c716842bf98810c135b4d72f281dfe5dd48df
- SSDEEP
  
  6144:1PXVt3l07qcbU0ddapOpVXMpUvRz1Kxudx:FFt3lQbU05pm2z1KxY
Score

3^/10

discovery
behavioral7
- Target
  
  skins_database.txt
- Size
  
  90KB
- MD5
  
  ccd3dae8529bdbbcea13a17fd37bdfcb
- SHA1
  
  9c011fef7b64b78e8b37aa929d77499e7a5b06e0
- SHA256
  
  c799a2ccba79e0bb47dd140933078a0122087ad4fc52464eea3f775e943bcbe9
- SHA512
  
  16ff1ea4fda2d8f4feb03f35af8aecf2451778e0128d560e0fbf27d35722f86e7510ad9976b36d31b751dd48bd10b941025fb84103bc6d4ae67d4a90c3628932
- SSDEEP
  
  1536:KkFivYhF/l7kHbAnNcEASwRk8ts+whnCFpxGUoOKp8oZFXn+q:KyF/l7kHbAnNcEASwRk8ts+whnCFpxCX
Score

1^/10
behavioral8
- Target
  
  version.txt
- Size
  
  5B
- MD5
  
  680ff5646307e9a5e16a1528ad2d1d83
- SHA1
  
  7d88475c68cba7127d611641fa69160437b6885e
- SHA256
  
  b1641c3ad059e8cd71cc1a56b0b508358b773093d43158790af268acc31279a2
- SHA512
  
  5ddd51af181fdf72276f045d1416116da0b90a066c52618a2ba147c6959dc594b2ed8edbe5ab2d9e2ae8b2f89e42f0abe4cdedc5ebff686ebe707e67c1fe9160
Score

1^/10
behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

Redline family

Downloads MZ/PE file

ASPack v2.12-2.42

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9