General

  • Target

    Minecraft_v4.4.exe

  • Size

    195KB

  • Sample

    210726-1gnxshwta6

  • MD5

    75ae04f0b6f9cef7fd9849e1dc8d6ec5

  • SHA1

    64bebd642cae5d4dea5a6853df5a769cc251bb14

  • SHA256

    eff4049dba8118d9feb24762301082096710681ee2310cf8afa404898ae6a133

  • SHA512

    6688505ce37f5a2ce5e42ed2e92ad446afd8c7888f2c320f7e43c82e87c15f32f510265b23bbf55f0ce54a1d5012c75f480a23f22744ff3a6cc99c39187809e7

Malware Config

Extracted

Family

redline

Botnet

ytmaloy10

C2

46.8.19.196:53773

Targets

    • Target

      Minecraft_v4.4.exe

    • Size

      195KB

    • MD5

      75ae04f0b6f9cef7fd9849e1dc8d6ec5

    • SHA1

      64bebd642cae5d4dea5a6853df5a769cc251bb14

    • SHA256

      eff4049dba8118d9feb24762301082096710681ee2310cf8afa404898ae6a133

    • SHA512

      6688505ce37f5a2ce5e42ed2e92ad446afd8c7888f2c320f7e43c82e87c15f32f510265b23bbf55f0ce54a1d5012c75f480a23f22744ff3a6cc99c39187809e7

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Tasks