Resubmissions

13-11-2023 22:04

231113-1yw23afg53 10

15-04-2022 07:01

220415-hs782adef5 10

General

  • Target

    AutoInstall.exe

  • Size

    1.8MB

  • Sample

    220415-hs782adef5

  • MD5

    d22dea0339065ec05cccf525b72a7b12

  • SHA1

    fb73af59c4498f28ffd714d467551ec465b77d7d

  • SHA256

    92cf7bd32bc8125a758cafd97fc06559994b57ed94f641f74f2da07de284aff3

  • SHA512

    9b947179aac2233f83e24f5892aeeba2aa2240f5bf32d323395e712ae02844b04e56abbea16e6e7c34559b7a4ad5ab53a9049bf6eb2a31cbcb59be180dfde573

Malware Config

Extracted

Family

redline

Botnet

@SDSAads2

C2

104.168.44.52:80

Attributes
  • auth_value

    589d0e9314616e09f68efd12b2086ab8

Targets

    • Meta Stealer

      Meta Stealer is a malware family written in C++ that steals passwords stored in browsers.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks