General

  • Target

    d5a4071b7a2b6f45c5178f636bfa1b93.exe

  • Size

    295KB

  • Sample

    220605-p8m2csegfl

  • MD5

    d5a4071b7a2b6f45c5178f636bfa1b93

  • SHA1

    89f57ed6b2659e21bdc10c4e7d80efb339d13b3a

  • SHA256

    bd7bdf1fe2307d49c71109ee8a7759b1919bccf1f0e6ee3daa76cf3834d7e3be

  • SHA512

    35d5e7f58fef352d1ed74fbd22fb4da226e0fbc46324ecc34475bd0ee16ce8ab006d165e52d5444c77f4f14abd6a724dcf121dba47e1db9ccf94360394db9e66

Malware Config

Extracted

  • Family

    redline

  • Botnet

    1

  • C2

    89.22.227.236:22009

  • Attributes

    auth_value: 2a9c7589a4287e8852c51a7124d88669

Targets

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine Payload

  • Accesses cryptocurrency files/wallets, possible credential harvesting

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    T1081 Credentials in Files (1)

  • Collection

    T1005 Data from Local System (1)