General

  • Target

    e38539579385c3b9d287ebad39fcb85d8f952f8fd459bd4789d3aa48498b15bc

  • Size

    4.6MB

  • Sample

    211021-hyn3caaaa3

  • MD5

    dde802cb5ee205fad7f2f6bc04b546b8

  • SHA1

    3a41170c27e13179d0c01236a5f4d090b84d3bf5

  • SHA256

    e38539579385c3b9d287ebad39fcb85d8f952f8fd459bd4789d3aa48498b15bc

  • SHA512

    eb95988bf0f3f750cfbb42f804e67a1f1ff907ed6015ee873e27ea1380bd55375b12d7d724308ce667fd15b4d3e58ef8f30482aefb935b24ed7dcc2a18d82549

Malware Config

Extracted

  • Family

    redline

  • Botnet

    2

  • C2

    135.181.6.55:60846

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Credential Access

    Credentials in Files (T1081), 1 technique

  • Collection

    Data from Local System (T1005), 1 technique