General

  • Target

    209609199e47fecdd76a96dabf1f9cf5

  • Size

    372KB

  • Sample

    220412-kddrzscdf9

  • MD5

    209609199e47fecdd76a96dabf1f9cf5

  • SHA1

    4ad578096b72f376bd012d3f3ba6a6cd7f162432

  • SHA256

    217265e900ce6d8b7750e25c9d4560715f2e58be5a2aa9210ba4f9974ae760c8

  • SHA512

    b8893d5d367afb465420e1c0671510db6b1f4603458a0bd416f5ded0f670f7ccdef37133ddf0049dccd822d6b42b0565a94f7f0530d6093d80cedc4638ae08d9

Malware Config

Extracted

  • Family

    redline

  • Botnet

    123

  • C2

    188.68.205.12:7053

Attributes

  • auth_value

    cba3087b3c1a6a9c43b3f96591452ea2

Targets

    • LoaderBot

      LoaderBot is a loader written in .NET that downloads and executes miners.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • LoaderBot executable

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6
