redline

Sharing

Copy URL

Twitter E-mail

General

Target

net6.0-windows.zip
Size

46.3MB
Sample

240629-h2chqataqa
MD5

03f3b30a76ca86d2143e4640ab1adf09
SHA1

0c0b6e30e005617b478e664fe39c69510d334f4a
SHA256

c275fa76cd231b14bc455b8bca71054349e900cdd4708bd5aa5f5d83880f27e1
SHA512

9abe9fc81c6509c283f77d67db56c43d203419068fabfcf1557c4290166314d6adcf22865c5ca7228118badcd270509a6538458984107e9d21241b46725959fc
SSDEEP

786432:/VxVOki1pSRqDOjYPrhLzA1YhYjvallh2BUNdBGIhcQ46oP0SexXZCqBM:tOki1/FNwMYjSnlViQNoMSerCqa

Score

10^/10

Malware Config

Extracted

Family

redline

Botnet

@nmrzv88

94.228.166.68:80

Targets

- Target
  
  net6.0-windows.zip
- Size
  
  46.3MB
- MD5
  
  03f3b30a76ca86d2143e4640ab1adf09
- SHA1
  
  0c0b6e30e005617b478e664fe39c69510d334f4a
- SHA256
  
  c275fa76cd231b14bc455b8bca71054349e900cdd4708bd5aa5f5d83880f27e1
- SHA512
  
  9abe9fc81c6509c283f77d67db56c43d203419068fabfcf1557c4290166314d6adcf22865c5ca7228118badcd270509a6538458984107e9d21241b46725959fc
- SSDEEP
  
  786432:/VxVOki1pSRqDOjYPrhLzA1YhYjvallh2BUNdBGIhcQ46oP0SexXZCqBM:tOki1/FNwMYjSnlViQNoMSerCqa
Score

10^/10

redline @nmrzv88 infostealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1
- Target
  
  assets/fonts/ac3plug/ac3plug.zip
- Size
  
  22B
- MD5
  
  76cdb2bad9582d23c1f6f4d868218d6c
- SHA1
  
  b04f3ee8f5e43fa3b162981b50bb72fe1acabb33
- SHA256
  
  8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85
- SHA512
  
  5e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f
Score

1^/10
behavioral2
- Target
  
  assets/fonts/kust.ttf
- Size
  
  121KB
- MD5
  
  c5f051bb1fd55b929d98513d4d70d5d1
- SHA1
  
  c3b451906a76e2ddd90ac3795f4530275571443a
- SHA256
  
  98e3e3580fee8d7fa6d624ec95a255d1053ebd0ad23029fe77512a714e2653e1
- SHA512
  
  7a12f7c6d684d1b238ec30c9070e7596da39d6305432d6852afda8fc4801aa0a4b50c0f639affabc9eff37961998fe93a7a38da1851da501a4cb950df98596f5
- SSDEEP
  
  1536:5pNUfoqLk2ByKAF09k5G9pOlRWspOlRWiLk2ByKAF09k5GhyALEr/pc9w:mAqLk25KoLKRXKRVLk25KoFcaW
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3
- Target
  
  assets/fonts/monof_tt-be11.txt
- Size
  
  940B
- MD5
  
  be11a340cfdb7b60dfcf69e877266fc0
- SHA1
  
  906c804f4ccc1e4cc70008e272ffa36003c868af
- SHA256
  
  7bed9d8c12d073d6666427387b53fa27250031a04ae8087fbc36073830f27bfb
- SHA512
  
  5b793ded1a3325bcbd5083aa8f9688495efa63c317ad74019b8c60881f404f66d0ce9a60c59de251ceee169a8181684cd0d3ad1cb2c82b51573de94d28dfde28
Score

1^/10
behavioral4
- Target
  
  assets/fonts/opensticks.ttf
- Size
  
  246KB
- MD5
  
  d308c02f40e415178c037589ddb6e22c
- SHA1
  
  573710fbc8a44b84c4946e688d4979c31a0b627d
- SHA256
  
  e54b868c5171587d1905942d9fdc16453178717e27e53e14959de2ee251ee277
- SHA512
  
  a0d9c5928cf70a6c954b40efd7198d9887285645664c2567a51db4490bfac1e1efb3c0a043b23062f85ce21646772393dcb115f2d23e33173803a55fb2459ade
- SSDEEP
  
  3072:NUh/PxSRcHX8idGIOl8U4VUgRGhp+7gbOl8U4VUgRGhpc:QIRc3Yl8U6nbl8U6p
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral5
- Target
  
  assets/fonts/spincycle_3d_ot.otf
- Size
  
  43KB
- MD5
  
  6d39015d8d8f82e2cbcffcafb6d7012d
- SHA1
  
  53ef85db53c2de6bbcd0b7f08df97c36ce0b61a9
- SHA256
  
  41a1e603f5befa0bb2d5c657a8858d8c9368bbb65d09c756bcaa49c2afcd48c8
- SHA512
  
  d946bc1181f1bc852f50cf80cd9c845ef31e074b217533b38aea47bd69b725b8f54ef35521bf6681c58220dfe0ff75ccd5a847bb86eb23b7aef393f5524bb157
- SSDEEP
  
  768:gXgl3AsWXwqr/3yekwLdZ80Rkp9NoJZ6fIIIIIO1vllHgjiKkvonYLzeS7slKjY7:gw3Agqr/3yeXdZ8jpT8YPejmYYRoBVko
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral6
- Target
  
  assets/fonts/summer85.ttf
- Size
  
  62KB
- MD5
  
  2b51a821fae16b9b098ef3d0f57c572c
- SHA1
  
  f749a1d65bf3435bb865c00f058f6901e0cee710
- SHA256
  
  d1372b2549345f76cd5660679c2b805d20ad202c2ed33116470909a9437a2663
- SHA512
  
  de369ea9aeb9411c750ff9cf62ffccfae0595135155263de2087d1ac14a90b17ce41a0bfc3d6da8b5b71b53b162d1cb3da0c8b66f3ef7991e26f73550774d1fb
- SSDEEP
  
  1536:+KrD95MKqFIiRcf/4xctDa1EuRe77thEJBZz6:+Kb3f/VRa1pD8
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral7
- Target
  
  assets/fonts/twemojimozilla.txt
- Size
  
  83B
- MD5
  
  c7fbff22d96600cd82e4f15010961bdd
- SHA1
  
  017c343816afc46653e9f6c6382bd1970065c46b
- SHA256
  
  81068ac107f049d215154e60adc57fd8501c45b6c68213c308b86127f768fa56
- SHA512
  
  e172624c35ae34b2f9149c0de5676d68418f0a637473b0efda80dea0e1765ab6137626f8c7c68ae25e62855e5b2167a38096629c96963f4ed6615bde39805d6d
Score

1^/10
behavioral8
- Target
  
  assets/models/editor/camera/camera.mdl
- Size
  
  35KB
- MD5
  
  7b6b04d824848b4e721727b996d13490
- SHA1
  
  6119921f3b315b882ba2bfff0d9547636bac77e3
- SHA256
  
  fe23dea9add22aca27e63f9f51726b283bf287cf7fd79925638a5849aafa0e91
- SHA512
  
  253417c14a9b88fbfb2e2e4fc9944d9739165ac219f746a852538929e561c2b7c9c52b23e86d43177c1ea6768b4fd6f40ad5c2f50257c0e7b69e64cd75fe883d
- SSDEEP
  
  768:CR4SvEHeWLFcth2BAaFaSDNla/1ZABMxg4fM+wbxIzk2Z:NHeCFcmq2aSDe8Bt4fcSY2Z
Score

3^/10
behavioral9
- Target
  
  assets/models/util/composelayer.json
- Size
  
  78B
- MD5
  
  96ce279f1d5424f5ba5e5380d7bfdcbc
- SHA1
  
  8160a9cf2e32314302e71daab486d8e00d0c4952
- SHA256
  
  46873426756c1d50aa41cf7241f9a37a3d1277597c13c6afbe943c1d721c3854
- SHA512
  
  438bd71f59a7a73a772ebff8367dd9e8452de44adb6fdc57f397c26660b57a38da4719cbd653c1d71c04c8ca61a32692f7952b29ce02246df88e609c03246c52
Score

3^/10
behavioral10
- Target
  
  assets/models/util/composelayer_depthtest.json
- Size
  
  88B
- MD5
  
  28a449eed1c020fb78712151e8aba8ac
- SHA1
  
  fd7b9b1b875cc6f23b1d40162121ceaabb54f9ef
- SHA256
  
  2e4c9a0d4aa4e4216103a2401910cc295774efd9d1cf196abe0411d95136c789
- SHA512
  
  1e53d87e29e489e4ee2da16409ee2593689a04e3793b8fc851a62d733b10dc15c720af51524d0e602ebb3419be4c43ad48c9400886ec47f38007023d51cc4e52
Score

3^/10
behavioral11
- Target
  
  assets/models/util/fullscreenlayer.json
- Size
  
  104B
- MD5
  
  8c2855e6b43a2e6290a79031665eda1e
- SHA1
  
  bd1f732b4bd1be8a0b3d4ecdab310077a4c83cb2
- SHA256
  
  4be60e2bbbe476a841cd3fddd9b0b1227e8604da6ba5fc99138f575c45730354
- SHA512
  
  97e0217ce9b9512510240ac34b0535585e201091c4f1411f18d47817d2e660068cfbe6188604f90f024e6df157af592cf812c9a09005dbafccfcbe6a80431a78
Score

3^/10
behavioral12
- Target
  
  assets/models/util/projectlayer.json
- Size
  
  124B
- MD5
  
  d6300e8f9f05b97b3b2c7ae761c2eec0
- SHA1
  
  1032f6d97d87e18caf26ffc5cb8ea0037a2f8f0d
- SHA256
  
  6aa7bb15369be0ff0454a96c50dcf4f676bfec95a0886233e80d5af53c46f666
- SHA512
  
  e1f35bd181ae90301ecf917b771eeb5603cf37710f595fe3071cce8b104fea7a99715099e4c24a0d68f3bf0eba32ae8cac54764262a4e3ecb92784b8b5810b69
Score

3^/10
behavioral13
- Target
  
  assets/models/util/solidlayer.json
- Size
  
  75B
- MD5
  
  fafef00e7e3b4f98ef01c13892c90edd
- SHA1
  
  da60859344bb6d3941883c9ca09ddeff3d0e821d
- SHA256
  
  a39818343c99fbff21b3a21b962871618c63c0a9257cf944dc09d20d54e3f5ea
- SHA512
  
  3ec9a6c47e81740a051d00387549f924cf975ba83793e63317a2dcd54058668f861521b872bd80903749289944de67e20059eb5329e7a72c6b4025aeeee609e3
Score

3^/10
behavioral14
- Target
  
  assets/models/util/solidlayer_depthtest.json
- Size
  
  85B
- MD5
  
  97ab3eab501dd57d08c925912f578720
- SHA1
  
  c44d398f1219c1c217c25378672cd886e4acb7e3
- SHA256
  
  db4f9c28b74b2aa076abab787302bd023e5979fbf3ec19d70f432c7a2fab38a1
- SHA512
  
  b42b33d91e2e1867644db9bdd54fed6b15568280c79f2cda1cd599b10d781c2e76c0ab8389630b093ad2923fb7bf806c3a6e6c9ecd39f1c9e024e5ef5ad032d8
Score

3^/10
behavioral15
- Target
  
  mfccpu.dll
- Size
  
  1.9MB
- MD5
  
  757f2348b8595b7d3ab7b1d5c7bad1e6
- SHA1
  
  9366ccaace2df7b4f106c6ca07a3eeb598cc6238
- SHA256
  
  524e0e13def0d43f4e2bd6fb87cc08473b2fd714d4e02b8467c6b5ebecd0e42f
- SHA512
  
  d885c33ffafae0795567dd68c2aaaf472cfbed80165863b0746d2d559258e90e76aa8dfe98de09c8819160b96c7110287bb9cb11fe2cef8f02a7408e3b915f73
- SSDEEP
  
  49152:2KzyRJbS5uuw7qv+WGTG0ut5uCK0JYxPWMJu+BvQncHszZ+x:2K+RJbSwuoqv5ud06F/uqvQncH
Score

1^/10
behavioral16
- Target
  
  picker.dll
- Size
  
  390KB
- MD5
  
  29880f0732bbad2c4645198c10c31b4c
- SHA1
  
  36dcf0b2b2e78ba327130cc5d0465a8e085aa2e2
- SHA256
  
  31978ad9ebbf270657d2443a57d9ad28b5fc7b107a9b626548fead80cd55c54e
- SHA512
  
  b00f4d4cd0e116cd9862399f053d01311b3a8f7422dfbc197c66d88b79d13603405951398098ae61711ab12691f52ae3741f4d015ac6747ec41a898f14c94de3
- SSDEEP
  
  12288:Z22CIVOkyOVOkyNmXLbVib19ibeCjwKdbs87:kz9vJUqC8Kdbs87
Score

1^/10
behavioral17
- Target
  
  ref/MagicOrbwalker1.dll
- Size
  
  19KB
- MD5
  
  bf431efad47ff61437829d6b5de4e214
- SHA1
  
  3d9f904970826baba3ce5cb66b07608d7c522d00
- SHA256
  
  8863e1a7b1a577f754cfe737abdb7d3e50a1b369944314bf7201ce4035c3ac9b
- SHA512
  
  42e80f2597439ee38068d211d5081e468980a22b5cb355e279f5ca4ec537f1188ad2bb21b0e71d2ce05985a3f366fb3eedf1ba5f4d1baa14e9e297d70909f1f3
- SSDEEP
  
  384:3400OF+77QqHOJUIb5NRI1eA1nlnRuRc/vE8NK9hYvmpaOWCP:3T0OF+wKvI3RYeA1nlfvwhGmpaON
Score

1^/10
behavioral18
- Target
  
  releases.exe
- Size
  
  512KB
- MD5
  
  c4010b8dd78ca0643c607a4a9bd0bb82
- SHA1
  
  ee37d859cec9893548969b3f02b9115281fccfb5
- SHA256
  
  20f0249d2de2c0a17a474447c89bf1cc48dd42e104d6bad4ef493967cedc2455
- SHA512
  
  db5561d04d5e7bbcac7b852921508ddac2aba51fb64d6b1219baa8998485a8ce0a425a9958fd2c7a7c438e97eefe07de6dfe4308bcb753cfc61a4d95784f7c7e
- SSDEEP
  
  12288:diFfKsLIh/4hpETEt9nsKRHqDgWMokw4:d0iP/ECTss2qDDM2
Score

10^/10

redline @nmrzv88 discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral19
- Target
  
  skin/Color3/sz0/App_Hover.png
- Size
  
  5KB
- MD5
  
  1c7cc1125e32cbcb90fc4b2f7a4429a0
- SHA1
  
  93ccd0f0d095dfc2c6c0c410df1077276610bb79
- SHA256
  
  d1c5090260e09f0ed725c24352743049cb9b19b6228c708704ced1b81b659c2e
- SHA512
  
  74d5fe9d14311c2412f2c1712dd1268b6bcda293a7f8ff8fa8b54d569804bb0662075ae3ac4f1f1f914137eb070747a923c8889b3b55d6ff623637a49f5f4413
- SSDEEP
  
  96:UllcHitlIxv9vk7C1+I4wWHLihk/xme2c74kRTq9J+vq5IGMeSkpr9buDGz2HXsS:PIIHUCD4wa0e2cU6GJ+y5LMGrs38OrJp
Score

3^/10
behavioral20
- Target
  
  skin/Color3/sz0/App_Normal.png
- Size
  
  5KB
- MD5
  
  54ddf9208f962d6d7115423236fab298
- SHA1
  
  3ef41dbfd2471fae834e7a861558e9e421bb7f0a
- SHA256
  
  5a0fdf22919847c98296ccd4fe7907ba2186ed683a76fa59f7bb7b6aa2d672b4
- SHA512
  
  ae99a5473701c89dd3b9da5979f39b4df01a405c427d48e20666d73363cf0748fcaaeccb525ad23399906381c4344bdaa0ddd6dc0fc26db724becf84ac034592
- SSDEEP
  
  96:UllcHitlIxv9vk7C1+I4wWHLihk/xlveKFMqfIygd1jQ9peCTHtPqeCNoi6TtYMX:PIIHUCD4waLeKyqfIJ/Q9peCrP3xJoS
Score

3^/10
behavioral21
- Target
  
  skin/Color3/sz1/App_Hover.png
- Size
  
  5KB
- MD5
  
  1c7cc1125e32cbcb90fc4b2f7a4429a0
- SHA1
  
  93ccd0f0d095dfc2c6c0c410df1077276610bb79
- SHA256
  
  d1c5090260e09f0ed725c24352743049cb9b19b6228c708704ced1b81b659c2e
- SHA512
  
  74d5fe9d14311c2412f2c1712dd1268b6bcda293a7f8ff8fa8b54d569804bb0662075ae3ac4f1f1f914137eb070747a923c8889b3b55d6ff623637a49f5f4413
- SSDEEP
  
  96:UllcHitlIxv9vk7C1+I4wWHLihk/xme2c74kRTq9J+vq5IGMeSkpr9buDGz2HXsS:PIIHUCD4wa0e2cU6GJ+y5LMGrs38OrJp
Score

3^/10
behavioral22
- Target
  
  skin/Color3/sz1/App_Normal.png
- Size
  
  5KB
- MD5
  
  54ddf9208f962d6d7115423236fab298
- SHA1
  
  3ef41dbfd2471fae834e7a861558e9e421bb7f0a
- SHA256
  
  5a0fdf22919847c98296ccd4fe7907ba2186ed683a76fa59f7bb7b6aa2d672b4
- SHA512
  
  ae99a5473701c89dd3b9da5979f39b4df01a405c427d48e20666d73363cf0748fcaaeccb525ad23399906381c4344bdaa0ddd6dc0fc26db724becf84ac034592
- SSDEEP
  
  96:UllcHitlIxv9vk7C1+I4wWHLihk/xlveKFMqfIygd1jQ9peCTHtPqeCNoi6TtYMX:PIIHUCD4waLeKyqfIJ/Q9peCrP3xJoS
Score

3^/10
behavioral23
- Target
  
  skin/color0/sz0/App_Hover.png
- Size
  
  5KB
- MD5
  
  99e9b8abea1db8e57a984557a94725c5
- SHA1
  
  4d84c7bccdaabc52b4366dba4625204a6670fe50
- SHA256
  
  422790eafe057ce4845fa80a4f5abe0604196df4fdd45d23859f5eb1c3994787
- SHA512
  
  ee376ed8a38ef7e2331f17a6bed0ad13ed5349f620db4bdece2003a0422b933d12c9905ba8292c7b80f85ee8689c4267223353558c8b12181f920d876c1a5508
- SSDEEP
  
  96:UllcHitlIxv9vk7C1+I4wWHLihk/xlflIVuC8JpjkG9udOz0ZhXvLyIbabz:PIIHUCD4wapIQC8JpgGFohjy6abz
Score

3^/10
behavioral24
- Target
  
  skin/color0/sz0/App_Normal.png
- Size
  
  5KB
- MD5
  
  54ddf9208f962d6d7115423236fab298
- SHA1
  
  3ef41dbfd2471fae834e7a861558e9e421bb7f0a
- SHA256
  
  5a0fdf22919847c98296ccd4fe7907ba2186ed683a76fa59f7bb7b6aa2d672b4
- SHA512
  
  ae99a5473701c89dd3b9da5979f39b4df01a405c427d48e20666d73363cf0748fcaaeccb525ad23399906381c4344bdaa0ddd6dc0fc26db724becf84ac034592
- SSDEEP
  
  96:UllcHitlIxv9vk7C1+I4wWHLihk/xlveKFMqfIygd1jQ9peCTHtPqeCNoi6TtYMX:PIIHUCD4waLeKyqfIJ/Q9peCrP3xJoS
Score

3^/10
behavioral25
- Target
  
  skin/color0/sz0/Thumbs.db
- Size
  
  6KB
- MD5
  
  a6657ec01ac8283bde329ee8e73b819b
- SHA1
  
  92b3c7fdc8fe4118a0f37096e45de1b1eb004f67
- SHA256
  
  a7a703f1001fa0d6674e6273db44ac6a21f7604560fe9e8665b4e13ccfccb766
- SHA512
  
  c6bcdb259544fcf967cd2d78fe060deff3d4358650574831e6bda7cb9113c47bfa21c05b46833a36daa71a484d0be6b37611b4f32cf1e152bcf617778fc0d985
- SSDEEP
  
  96:+385ExpgPNZXHq1hF4O5ECicWHp1bt49DbeF1ZHGX:ci58h/YcWJ1bm9fexHq
Score

3^/10
behavioral26
- Target
  
  skin/color0/sz1/App_Hover.png
- Size
  
  5KB
- MD5
  
  99e9b8abea1db8e57a984557a94725c5
- SHA1
  
  4d84c7bccdaabc52b4366dba4625204a6670fe50
- SHA256
  
  422790eafe057ce4845fa80a4f5abe0604196df4fdd45d23859f5eb1c3994787
- SHA512
  
  ee376ed8a38ef7e2331f17a6bed0ad13ed5349f620db4bdece2003a0422b933d12c9905ba8292c7b80f85ee8689c4267223353558c8b12181f920d876c1a5508
- SSDEEP
  
  96:UllcHitlIxv9vk7C1+I4wWHLihk/xlflIVuC8JpjkG9udOz0ZhXvLyIbabz:PIIHUCD4wapIQC8JpgGFohjy6abz
Score

3^/10
behavioral27
- Target
  
  skin/color0/sz1/App_Normal.png
- Size
  
  5KB
- MD5
  
  54ddf9208f962d6d7115423236fab298
- SHA1
  
  3ef41dbfd2471fae834e7a861558e9e421bb7f0a
- SHA256
  
  5a0fdf22919847c98296ccd4fe7907ba2186ed683a76fa59f7bb7b6aa2d672b4
- SHA512
  
  ae99a5473701c89dd3b9da5979f39b4df01a405c427d48e20666d73363cf0748fcaaeccb525ad23399906381c4344bdaa0ddd6dc0fc26db724becf84ac034592
- SSDEEP
  
  96:UllcHitlIxv9vk7C1+I4wWHLihk/xlveKFMqfIygd1jQ9peCTHtPqeCNoi6TtYMX:PIIHUCD4waLeKyqfIJ/Q9peCrP3xJoS
Score

3^/10
behavioral28
- Target
  
  skin/color0/sz1/Thumbs.db
- Size
  
  6KB
- MD5
  
  f501ea21896eca50dafb2a851267232e
- SHA1
  
  8b9fd4e0c994a7928a624a310418e50a64015b32
- SHA256
  
  5ce25e36541ef392d4fad1c72a408f94d08e89cad03407e179f3c63ac1f155cc
- SHA512
  
  03b4df9d84ddda420e6e25946541829817acda852466041cf663a25f143d82a9139f9a8fd96067c16d451180551fca667e01e8e4cbb6f0bc08162846fd46e34b
- SSDEEP
  
  96:T8xExpg3rrBhl+gxqHzrCgJXQcx1YKuPnsdRhmr:T6JzlvqHz+8xqrPny4r
Score

3^/10
behavioral29
- Target
  
  skin/color1/sz0/App_Hover.png
- Size
  
  5KB
- MD5
  
  f1333f386cb82ed1c11a6236903fb80c
- SHA1
  
  33c3d22f51ce7145ed02c542c6973878e2765fcd
- SHA256
  
  2fbbe4eb8ae3a2d6cd50927c42ff926f58bf9657a37610564014925d0fde944e
- SHA512
  
  f13ce2de8975a15c70e99b68cd421a794a866ff2c2cbda3f1270ce1e05f76e9116225788c2103a088922f930e9303f23a19586b29082256b20ac7b325e09b091
- SSDEEP
  
  96:UllcHitlIxv9vk7C1+I4wWHLihk/xlFwmSpyDC8Du72u0Ha2zuxXbOskdPeoX+:PIIHUCD4waOyy2t7zQbOsEC
Score

3^/10
behavioral30
- Target
  
  skin/color1/sz0/App_Normal.png
- Size
  
  5KB
- MD5
  
  54ddf9208f962d6d7115423236fab298
- SHA1
  
  3ef41dbfd2471fae834e7a861558e9e421bb7f0a
- SHA256
  
  5a0fdf22919847c98296ccd4fe7907ba2186ed683a76fa59f7bb7b6aa2d672b4
- SHA512
  
  ae99a5473701c89dd3b9da5979f39b4df01a405c427d48e20666d73363cf0748fcaaeccb525ad23399906381c4344bdaa0ddd6dc0fc26db724becf84ac034592
- SSDEEP
  
  96:UllcHitlIxv9vk7C1+I4wWHLihk/xlveKFMqfIygd1jQ9peCTHtPqeCNoi6TtYMX:PIIHUCD4waLeKyqfIJ/Q9peCrP3xJoS
Score

3^/10
behavioral31
- Target
  
  yccV3.dll
- Size
  
  231KB
- MD5
  
  101d63244d7ee78e902e1bebfafa5acb
- SHA1
  
  0d501d964237e3bb4c29ed893da8bc084d8b5cd0
- SHA256
  
  b644b78f3c0c949e454f13685790b9f91fea87715258adbc81c175c2794a09fb
- SHA512
  
  17969217a6045f401152c73c2edab2fc4017a721894759f6d8de5cf42c9c32f3a86ef3f62423d76351595896a367212e7a683b3c704879d379443c359a89ad69
- SSDEEP
  
  3072:TYhDJzq4xanmtqJqZRpXoKnH3nMwmFh9hAktZsuKuxNuDvP2m3Ofbj9E8DWuZHPM:QldXWthAktLHYafNLnZHZ5DM
Score

8^/10
- Drops file in Drivers directory
behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

RedLine payload

Executes dropped EXE

Suspicious use of SetThreadContext

Checks computer location settings

Checks computer location settings

Checks computer location settings

Checks computer location settings

RedLine

RedLine payload

Reads user/profile data of web browsers

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks installed software on the system

Suspicious use of SetThreadContext

Drops file in Drivers directory

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32