Resubmissions

  • 31-07-2021 10:54  210731-ndslnzbtqn  Score 10/10
  • 30-07-2021 23:41  210730-flyceenazx  Score 10/10

General

  • Target

    MAN.rar

  • Size

    1.4MB

  • Sample

    210730-flyceenazx

  • MD5

    afa10ee13619324df9355fc2ce468946

  • SHA1

    0fe5a112341b05f579ed097163953ddd165e7951

  • SHA256

    06cce4b7854749f9aecb85698eabfb3cee76b37fd345c97ba5071c2bb3978193

  • SHA512

    90b4df36362b3e3a5b061580cbc723bf7eb0997ff5de08908a3b18d9ce2c66f558c5d47d989303f6904b4ab24cbd6be782df68b4084f36de19a5a198a1a53475

Malware Config

Extracted

Family

redline

Botnet

mastif

C2

91.121.146.23:9519

Targets

    • Target

      MAN/Engine.js

    • Size

      870KB

    • MD5

      62ef5e3b94fef67f046b99b587fe013e

    • SHA1

      5f36e3fb609a35f405ade92982b7205111dabc63

    • SHA256

      125949ad84b6dff236614a3ef542f2a814b1024385fa9f9d64eb2403fd4b26fc

    • SHA512

      06654013becdf9e20479bf3140bc57b1dce5ef5d1512749b61539318be00fc384cbb80f0aa3e69b8d9f3fe4cc0e4c08f7504fde6d654b0bc0c2086349cf934fb

    Score 1/10
    • Target

      MAN/Installer.exe

    • Size

      1.6MB

    • MD5

      8a1995805ad65999ec546a1074ac9887

    • SHA1

      11d5589ca5ebb127ea57b89ee5da89e0b64fa4c6

    • SHA256

      2040517dac0b553d4a589bb8c14ca4329022e0ce5e5d0ef0f2c08a2deb10fb5b

    • SHA512

      cad4e187956e4db24d291ea725caf89439440eb97ebe9fa76438b76ada66ecc01a4143bf688c6506ec5148c79338e7f581305d2cb8ad17552c558c62706ae777

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Reads user/profile data of web browsers

      Infostealers commonly target the browser profile directory, which holds saved credentials, cookies, autofill data and browsing history.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates installed software by reading the subkeys of the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node and HKCU equivalents).

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of a (suspended) thread; outside debuggers it is mostly seen in process injection and process hollowing, where it redirects a thread to injected code.

    • Target

      MAN/xNet.dll

    • Size

      2.9MB

    • MD5

      0a56659cff9731c30ce87968cac0ef23

    • SHA1

      4fdef03ec3da0a74ec89e369df486035a4995c6d

    • SHA256

      ac5f7131a15c02620676ff6dc89ba6485bbe88aadd244d297586b438ce13c811

    • SHA512

      6653a3b51518ec0c611ca8fa639d49747dd8cd03622358f10f48c82b41b6dad840047ed72a09a74ecf94e2ddd5e813bbe76cbdc916d3e5a65d63f816e00f3039

    Score 1/10
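The extracted C2 endpoint and the file hashes above are the indicators a responder would want to sweep for. The following is an added example, not part of the sandbox report: it takes those IOC values and runs them over constructed Zeek-style conn.log lines and Sysmon-style file events (both made up for the demonstration; the hash in the matching file line is the report's Installer.exe SHA256). Field positions for conn.log follow Zeek's default header; the Sysmon line format and the `Hit` type are assumptions of this example.

```python
"""Scan constructed log lines for the IOCs listed in the sandbox report.

Added example: IOC values are copied from the report; every log line below is
constructed for the demonstration and is not real traffic or telemetry.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple

# IOCs from the report (RedLine, botnet "mastif").
C2_ENDPOINTS: Set[str] = {"91.121.146.23:9519"}
FILE_HASHES: Dict[str, str] = {  # sha256 -> label, from the Targets section
    "06cce4b7854749f9aecb85698eabfb3cee76b37fd345c97ba5071c2bb3978193": "MAN.rar",
    "2040517dac0b553d4a589bb8c14ca4329022e0ce5e5d0ef0f2c08a2deb10fb5b": "MAN/Installer.exe",
    "125949ad84b6dff236614a3ef542f2a814b1024385fa9f9d64eb2403fd4b26fc": "MAN/Engine.js",
    "ac5f7131a15c02620676ff6dc89ba6485bbe88aadd244d297586b438ce13c811": "MAN/xNet.dll",
}


@dataclass(frozen=True)
class Hit:  # assumed result type for this example
    source: str     # "conn" or "file"
    indicator: str  # the IOC that matched
    context: str    # the log line that matched


def parse_c2(endpoint: str) -> Tuple[str, int]:
    """Split 'ip:port' into a validated (ip, port) pair; ValueError on garbage."""
    host, _, port = endpoint.rpartition(":")
    ipaddress.ip_address(host)  # rejects hostnames and malformed addresses
    port_n = int(port)
    if not 0 < port_n < 65536:
        raise ValueError(f"bad port in {endpoint!r}")
    return host, port_n


def scan_conn_log(lines: Iterable[str], c2_endpoints: Set[str] = C2_ENDPOINTS) -> List[Hit]:
    """Match tab-separated conn.log lines (Zeek default field order:
    ts uid id.orig_h id.orig_p id.resp_h id.resp_p ...) on responder ip AND port."""
    wanted = {parse_c2(e) for e in c2_endpoints}
    hits: List[Hit] = []
    for line in lines:
        if line.startswith("#") or not line.strip():
            continue  # header / comment / blank
        f = line.rstrip("\n").split("\t")
        if len(f) < 6:
            continue
        try:
            key = (f[4], int(f[5]))
        except ValueError:
            continue
        if key in wanted:
            hits.append(Hit("conn", f"{key[0]}:{key[1]}", line.strip()))
    return hits


HASH_RE = re.compile(r"SHA256=([0-9a-fA-F]{64})")


def scan_file_events(lines: Iterable[str], hashes: Dict[str, str] = FILE_HASHES) -> List[Hit]:
    """Match Sysmon-style 'Hashes=...SHA256=...' fields against the report's hashes."""
    hits: List[Hit] = []
    for line in lines:
        m = HASH_RE.search(line)
        if not m:
            continue
        digest = m.group(1).lower()  # Sysmon emits uppercase hex
        if digest in hashes:
            hits.append(Hit("file", hashes[digest], line.strip()))
    return hits


# Constructed sample input (not real logs). The third conn line goes to the
# C2 address but on port 443, so an ip+port rule must NOT flag it.
SAMPLE_CONN = """#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1627688100.0\tC1\t10.0.0.5\t49152\t142.250.74.78\t443\ttcp
1627688160.0\tC2\t10.0.0.5\t49153\t91.121.146.23\t9519\ttcp
1627688220.0\tC3\t10.0.0.7\t49154\t91.121.146.23\t443\ttcp
""".splitlines()

SAMPLE_FILES = [
    "Image: C:\\Users\\u\\Downloads\\MAN\\Installer.exe Hashes=MD5=8A1995805AD65999EC546A1074AC9887,"
    "SHA256=2040517DAC0B553D4A589BB8C14CA4329022E0CE5E5D0EF0F2C08A2DEB10FB5B",
    "Image: C:\\Windows\\System32\\notepad.exe Hashes=SHA256=" + "0" * 64,
]


def run() -> List[Hit]:
    """Run both scanners over the constructed samples."""
    return scan_conn_log(SAMPLE_CONN) + scan_file_events(SAMPLE_FILES)


if __name__ == "__main__":
    for h in run():
        print(h.source, h.indicator, "<-", h.context)
```

Matching on ip and port together is deliberate: the report only ties the address to RedLine on port 9519, and a rule on the bare address would also flag the constructed port-443 connection. Whether to widen to the address alone is a judgement call about the host, which the report does not settle.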

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique               Signatures  ID
  Credential Access  Credentials in Files    2           T1081
  Discovery          Query Registry          1           T1012
  Collection         Data from Local System  2           T1005
