General

  • Target

    a305bdda8ac263de0ffd3063265ebf112749b9c57e2f88434c63a6511f10c380

  • Size

    533KB

  • Sample

    210926-2f6zzsfcgl

  • MD5

    831ca5fc3856855a593810e3ba542ae7

  • SHA1

    7eec6bb43bea39c4383830a6245c359feab7bcc7

  • SHA256

    a305bdda8ac263de0ffd3063265ebf112749b9c57e2f88434c63a6511f10c380

  • SHA512

    6ac935584e73b248cbe475b26a5e6b2b2d382f58cd72d0e53d745de5369f9a78df197282b844acec84fb2c6cdd19c5c4831f5a7c032a320c16cb70194a2df90c

Malware Config

Extracted

Family

redline

Botnet

mix27.09

C2

185.215.113.15:6043

Targets

    • Target

      a305bdda8ac263de0ffd3063265ebf112749b9c57e2f88434c63a6511f10c380

    • Size

      533KB

    • MD5

      831ca5fc3856855a593810e3ba542ae7

    • SHA1

      7eec6bb43bea39c4383830a6245c359feab7bcc7

    • SHA256

      a305bdda8ac263de0ffd3063265ebf112749b9c57e2f88434c63a6511f10c380

    • SHA512

      6ac935584e73b248cbe475b26a5e6b2b2d382f58cd72d0e53d745de5369f9a78df197282b844acec84fb2c6cdd19c5c4831f5a7c032a320c16cb70194a2df90c

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger

      suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger

    • suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

      suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks