General

  • Target

    Bitcoin Mining Software 1.5v.exe

  • Size

    4.6MB

  • Sample

    211021-yjqwdsbfbk

  • MD5

    c9b0c2b2a7988eb97f7069bb423a7ffa

  • SHA1

    85d72dd1cdf60d9dd4c2696d950e63d163102c37

  • SHA256

    773b40c8007545afd1b563bdf17dab8225acd4bd6def35e4db95f70fca16371c

  • SHA512

    88dfcec430d3cbb3eaf63611373f38a17a0a752d2d42566310d7f5275acbb8d82cfa3e8e58def6b0ed4e10e062f8e77fd2b7536c0931a1a8ddaba89a236c4e92

Malware Config

Extracted

Family

redline

Botnet

@EstetikaSell

C2

185.209.22.181:29234
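The file hashes under General and the C2 address in this Malware Config block are the actionable indicators on this page. The script below is an added example, not part of the sandbox report: it compares a file's digests with the listed hashes and sweeps Zeek-style conn.log rows for traffic to 185.209.22.181:29234. The conn.log lines are constructed for the demo, and the function names are this example's own.

```python
"""IOC sweep for the RedLine sample on this page (added example, not from the report)."""
import hashlib

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "c9b0c2b2a7988eb97f7069bb423a7ffa",
    "sha1": "85d72dd1cdf60d9dd4c2696d950e63d163102c37",
    "sha256": "773b40c8007545afd1b563bdf17dab8225acd4bd6def35e4db95f70fca16371c",
}
C2_HOST = "185.209.22.181"
C2_PORT = 29234

# Constructed Zeek conn.log excerpt (default tab-separated field order:
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto, service).
# These rows are made up for the demo; they are not from the sandbox run.
SAMPLE_CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice
1634800001.123456\tCabc1\t10.0.0.5\t51234\t93.184.216.34\t443\ttcp\tssl
1634800002.654321\tCabc2\t10.0.0.5\t51240\t185.209.22.181\t29234\ttcp\t-
1634800003.000000\tCabc3\t10.0.0.7\t51300\t185.209.22.181\t80\ttcp\thttp
"""


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of an in-memory byte string."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path: str) -> dict:
    """Hash a file on disk in 1 MiB chunks so large binaries need not fit in memory."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_hashes(digests: dict) -> set:
    """Return the algorithms whose digest equals the report's value (case-insensitive)."""
    return {
        algo for algo, value in digests.items()
        if SAMPLE_HASHES.get(algo, "").lower() == value.lower()
    }


def find_c2_connections(conn_log: str) -> list:
    """Flag conn.log rows whose responder is the C2 host.

    Host and port both matching is 'high' confidence; host alone is 'medium',
    because the same IP may host other ports or panels over time.
    """
    hits = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):  # skip blanks and Zeek header rows
            continue
        fields = line.split("\t")
        if len(fields) < 6:
            continue
        ts, uid, orig_h, _orig_p, resp_h, resp_p = fields[:6]
        if resp_h != C2_HOST:
            continue
        confidence = "high" if resp_p == str(C2_PORT) else "medium"
        hits.append({
            "ts": ts,
            "uid": uid,
            "src": orig_h,
            "dst_port": int(resp_p),
            "confidence": confidence,
        })
    return hits


if __name__ == "__main__":
    import sys

    for hit in find_c2_connections(SAMPLE_CONN_LOG):
        print(hit)
    # Any paths given on the command line are hashed and compared with the report.
    for path in sys.argv[1:]:
        print(path, match_hashes(hash_file(path)) or "no match")
```

Run it against a quarantined copy of the dropper to confirm the hashes, then feed real conn.log exports into find_c2_connections; a host-only match is worth a look but should not be treated as confirmation on its own.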

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  Tactic              Technique               ID     Count
  Credential Access   Credentials in Files    T1081  1
  Collection          Data from Local System  T1005  1

  Both rows come from the "Accesses cryptocurrency files/wallets, possible credential harvesting" signature. The IDs follow ATT&CK v6, as the heading says; in current ATT&CK, T1081 is deprecated and this behaviour maps to T1552.001 (Unsecured Credentials: Credentials In Files), while T1005 is unchanged.
