General

  • Target

    7644466223.zip

  • Size

    5.0MB

  • Sample

    220628-vbc3sacfc2

  • MD5

    65488a8564ed14cfe35c2915e659f4a9

  • SHA1

    a29f5b1d2ff1647204165fc0e4cd7b87f96181f1

  • SHA256

    c318a99c2ae429bedb66978a044cf511e390e3f4b5dc35bf283f5719956b001f

  • SHA512

    e9e98e59493fc7a59320787b0aac7f81902207679b7b4ecf719b919b7937cb9f187bb6faa887b0c84b45c2d412ed138b5e4bc08c5086895cf07073c4753376cd

Malware Config

Extracted

Family

redline

Botnet

Notepad_2

C2

194.36.177.124:39456

Attributes

  • auth_value

    37464cc4dd294b9925a8c1092e1c72a9

Targets

    • Target

      f2394824fcf883e783347ca22f5c610c65e6168e428d382e89fff96b70ae7dc2

    • Size

      440.0MB

    • MD5

      215f71b938daacad9625b251c880264a

    • SHA1

      22689156e4318332f2560f1a4909febc19226582

    • SHA256

      f2394824fcf883e783347ca22f5c610c65e6168e428d382e89fff96b70ae7dc2

    • SHA512

      8818b88cbe303a377a0a0fcb0497eeab863ecf9097fa37553b3d52e87b3133562af58196fe49c3089e983e5f11c330ca740dc2fef12206715e5c35f47aa6ccc1

    • Detect PureCrypter loader

    • PureCrypter

      PureCrypter is a loader which is intended for downloading and executing additional payloads.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks