General

  • Target

    f751501b33b4d7e35aa20d08f718e5a8ed1c0471b4da1bdd2562a3536d83d58e

  • Size

    1MB

  • Sample

    220516-j14q9aacgk

  • MD5

    cb8cd07d32498986d817939e06ac4abb

  • SHA1

    1de2ea093784a9b7ff6d1fa6d6877fdae990bd42

  • SHA256

    f751501b33b4d7e35aa20d08f718e5a8ed1c0471b4da1bdd2562a3536d83d58e

  • SHA512

    4c37cbd33af706f265415a309f9b32a46836430597be5a929423b4eaffc498a25c853ab7806a39f2e641ac9e95d75f8306bf48c37958b6e9291db8d80ae0ad59

Malware Config

Extracted

  • Family

    redline

  • Botnet

    Install

  • C2

    176.10.119.117:27038

  • Attributes

    auth_value: 701b6467f584b2d5c52fa31ecce6761d

Targets

    • Target

      f751501b33b4d7e35aa20d08f718e5a8ed1c0471b4da1bdd2562a3536d83d58e

    • Size

      1MB

    • MD5

      cb8cd07d32498986d817939e06ac4abb

    • SHA1

      1de2ea093784a9b7ff6d1fa6d6877fdae990bd42

    • SHA256

      f751501b33b4d7e35aa20d08f718e5a8ed1c0471b4da1bdd2562a3536d83d58e

    • SHA512

      4c37cbd33af706f265415a309f9b32a46836430597be5a929423b4eaffc498a25c853ab7806a39f2e641ac9e95d75f8306bf48c37958b6e9291db8d80ae0ad59

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Discovery

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Persistence

  • Privilege Escalation