General

  • Target

    mixazed_20210706-183043

  • Size

    1.4MB

  • Sample

    210706-8efzcnd8pj

  • MD5

    97afea1db16077be6b8d3a57f9b7a037

  • SHA1

    540610e535d1a0cfac3725fd4d49fc2894665cf8

  • SHA256

    97f6f4bd2bc1104bbe4c1b3cfe8ac386e8b4a35f0c9d2b63bcee04afea965965

  • SHA512

    5938a2236cc6ac61977a42c4547ecc6e9c20c5cca29cb3e114970f90b28fe0daced06ee70490a604a0dbcee01565d5f6b1b49bf518ddcada1a50f9cc107d3a27

Malware Config

Extracted

  • Family

    redline

  • Botnet

    3

  • C2

    185.215.113.46:61707

Targets

    • Target

      mixazed_20210706-183043

    • Size

      1.4MB

    • MD5

      97afea1db16077be6b8d3a57f9b7a037

    • SHA1

      540610e535d1a0cfac3725fd4d49fc2894665cf8

    • SHA256

      97f6f4bd2bc1104bbe4c1b3cfe8ac386e8b4a35f0c9d2b63bcee04afea965965

    • SHA512

      5938a2236cc6ac61977a42c4547ecc6e9c20c5cca29cb3e114970f90b28fe0daced06ee70490a604a0dbcee01565d5f6b1b49bf518ddcada1a50f9cc107d3a27

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 2

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 1

    Remote System Discovery (T1018): 1

  • Collection

    Data from Local System (T1005): 2

Tasks