409a345a063f2fc853b7b45c060970231d9fdc6b45344.exe

General
Target

409a345a063f2fc853b7b45c060970231d9fdc6b45344.exe

Size

1MB

Sample

220514-se1bdacgcn

Score

10/10

MD5

c52e23f559f027c6af598ff0a4c3497d

SHA1

0e6de0682ae5d89a6530a6c6e03054f5aaeb0662

SHA256

409a345a063f2fc853b7b45c060970231d9fdc6b453444ae855b7fda4be50021

SHA512

802159c0fa6034dfc4278ee470aef46a52947006b007ae6a90391377d6c9b3774c999c30ab8d62a10869bf4d459736da4b70ce97d7771bf849effff7714e6428

Malware Config

Extracted

Family redline
Botnet test1
C2

23.88.112.179:19536

Attributes
auth_value
68c6114f4d4c471ad88677f54e75676f
Targets
Target

409a345a063f2fc853b7b45c060970231d9fdc6b45344.exe

MD5

c52e23f559f027c6af598ff0a4c3497d

Filesize

1MB

Score
10/10
SHA1

0e6de0682ae5d89a6530a6c6e03054f5aaeb0662

SHA256

409a345a063f2fc853b7b45c060970231d9fdc6b453444ae855b7fda4be50021

SHA512

802159c0fa6034dfc4278ee470aef46a52947006b007ae6a90391377d6c9b3774c999c30ab8d62a10869bf4d459736da4b70ce97d7771bf849effff7714e6428

Tags

Signatures

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    Tags

  • RedLine Payload

  • Checks computer location settings

    Description

    Looks up country code configured in the registry, likely geofence.

    TTPs

    Query Registry
    System Information Discovery

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    Tags

    TTPs

    Data from Local System
    Credentials in Files

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup Folder
    Modify Registry

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

    Command and Control
    Credential Access
    Defense Evasion
    Execution
    Exfiltration
    Impact
    Initial Access
    Lateral Movement
    Privilege Escalation

Tasks

static1

behavioral2

7/10