General

  • Target

    62434278.exe

  • Size

    4.0MB

  • Sample

    220323-fcvlwsfdd2

  • MD5

    a9dcb01f21ef3159226eb0c179d26767

  • SHA1

    31606eecdbb999c83908e3ac9cb3b64c43923992

  • SHA256

    7dd0e4164bf63cdd163874c0f58e165362de6f109c2d750150c877f3018108c2

  • SHA512

    5c7a4a6846514dd8eb3498d89a9d28519c6220654670c02e18aec2a6c28ad64db338c1a202052bb83c3f3d221c2ec2b713bd59705d35efaec21e7e331e9f4919

Malware Config

Extracted

Family

redline

Botnet

@JABKA9983

C2

92.255.85.137:41320

Attributes

  • auth_value

    507a0c408947972b94cf44475f601269

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Credential Access: Credentials in Files (T1081), 1 match

  • Collection: Data from Local System (T1005), 1 match

Tasks