07-05-2021 18:56

210507-2v7r2kd3q2 10

General

  • Target: 1a51248c75d910c49f184342a912fe9cb7ace5d8.exe
  • Size: 136KB
  • Sample: 210507-2v7r2kd3q2
  • MD5: 7eaf6cacffb2ae2b3c3b6c2b0491e2a5
  • SHA1: 1a51248c75d910c49f184342a912fe9cb7ace5d8
  • SHA256: 6308b2097dcba28565037a65fd9354fe7cecc13df2b7459ef91153760fa8dc42
  • SHA512: 1bd52476a59e05e6ec5de3dc4cf7705cea37668fc8b3d143f269123cb32a582f493ffa093c3fe2d6c647d1ccef31de51c922cf48eb6f96f87c99e3aebc3d6731

Malware Config

Extracted

  • Family: redline
  • Botnet: lyla
  • C2: 87.251.71.4:80

Targets

    • Target: 1a51248c75d910c49f184342a912fe9cb7ace5d8.exe (details as listed under General above)

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6