General

  • Target

    2d4c6d3afba4eeee3895c60c42be285e.exe

  • Size

    1.3MB

  • Sample

    220705-z96j7sfag6

  • MD5

    2d4c6d3afba4eeee3895c60c42be285e

  • SHA1

    4a9951869b11d9393365507422bbbeee9ed282a8

  • SHA256

    9afc87589b3c76f6c50238294539f53eb38a51f61b7d38db4637582f6b168692

  • SHA512

    d7347c8ecb2773abd32e9edb1e8606057751ffc82f5659014f830d8287fa1784b398cf84b1974d45077c05997ced9cfe5ca3b6f0e68ee50af376c582db11f37d

Malware Config

Extracted

  • Family

    redline

  • C2

    185.106.92.20:33168

Attributes

  • auth_value

    473a7a67f3a5b581eee05af44809068a

Targets

    • Target

      2d4c6d3afba4eeee3895c60c42be285e.exe

    • Size

      1.3MB

    • MD5

      2d4c6d3afba4eeee3895c60c42be285e

    • SHA1

      4a9951869b11d9393365507422bbbeee9ed282a8

    • SHA256

      9afc87589b3c76f6c50238294539f53eb38a51f61b7d38db4637582f6b168692

    • SHA512

      d7347c8ecb2773abd32e9edb1e8606057751ffc82f5659014f830d8287fa1784b398cf84b1974d45077c05997ced9cfe5ca3b6f0e68ee50af376c582db11f37d

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext (the API used to redirect a suspended thread's entry point, as in process hollowing; on its own this is an injection indicator, not identification of the injected payload)
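The indicators above (four digests and one C2 endpoint) are what a responder would actually act on. The following is an added example, not part of the sandbox report: it verifies a file on disk against the listed digests in a single streamed pass, checks that the digests are well-formed before trusting them, and matches the extracted RedLine C2 against connection records. The log lines and the record format "<ts> <src>:<sport> -> <dst>:<dport> <proto>" are constructed for the example; only the hashes, IP and port are taken from the page.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "2d4c6d3afba4eeee3895c60c42be285e",
    "sha1": "4a9951869b11d9393365507422bbbeee9ed282a8",
    "sha256": "9afc87589b3c76f6c50238294539f53eb38a51f61b7d38db4637582f6b168692",
    "sha512": "d7347c8ecb2773abd32e9edb1e8606057751ffc82f5659014f830d8287fa1784"
              "b398cf84b1974d45077c05997ced9cfe5ca3b6f0e68ee50af376c582db11f37d",
}
C2_HOST = "185.106.92.20"
C2_PORT = 33168

HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def hashes_well_formed(hashes):
    """True if every digest is lowercase hex of the right length for its algorithm."""
    return all(
        re.fullmatch(r"[0-9a-f]{%d}" % HEX_LEN[alg], hashes.get(alg, "")) is not None
        for alg in HEX_LEN
    )


def file_digests(path):
    """Compute all four digests in one streamed pass so large samples are not read four times."""
    hashers = {alg: hashlib.new(alg) for alg in HEX_LEN}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def matches_sample(path, expected=SAMPLE_HASHES):
    """True only if every digest matches the report; one mismatch means a different file."""
    return file_digests(path) == expected


def self_check():
    """Cross-check file_digests against hashlib on a constructed file (not the real sample)."""
    data = b"MZ" + bytes(range(256)) * 8  # constructed bytes, not RedLine
    with tempfile.TemporaryDirectory() as tmp:
        p = Path(tmp) / "constructed.bin"
        p.write_bytes(data)
        got = file_digests(p)
    want = {alg: hashlib.new(alg, data).hexdigest() for alg in HEX_LEN}
    return got == want and hashes_well_formed(got)


# Constructed connection records; timestamps and internal hosts are made up.
LOG_LINES = [
    "2022-07-05T10:12:03Z 10.0.0.25:49712 -> 185.106.92.20:33168 tcp",
    "2022-07-05T10:12:09Z 10.0.0.25:49713 -> 142.250.74.46:443 tcp",
    "2022-07-05T10:13:44Z 10.0.0.31:52001 -> 185.106.92.20:80 tcp",
    "malformed line that the parser must skip",
]
LOG_RE = re.compile(r"^(\S+) (\S+):(\d+) -> (\S+):(\d+) (\w+)$")


def c2_hits(lines, host=C2_HOST, port=C2_PORT):
    """Return connections to the C2. port=None matches the host on any port (wider net, more noise)."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # unparseable record: skip rather than crash the sweep
        ts, src, _sport, dst, dport, proto = m.groups()
        if dst == host and (port is None or int(dport) == port):
            hits.append({"ts": ts, "src": src, "dst": f"{dst}:{dport}", "proto": proto})
    return hits


if __name__ == "__main__":
    print("hashes well-formed:", hashes_well_formed(SAMPLE_HASHES))
    print("self check:", self_check())
    for hit in c2_hits(LOG_LINES):
        print("C2 contact:", hit)
```

Match on the full host:port pair first; RedLine C2 ports vary per build, so a host-only sweep (port=None) is a useful second pass but will also catch unrelated traffic to a shared host.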

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access: Credentials in Files (T1081), 1 hit

  • Collection: Data from Local System (T1005), 1 hit

The matrix uses ATT&CK v6 identifiers; T1081 was deprecated in later releases and now maps to T1552.001 (Unsecured Credentials: Credentials In Files). T1005 is unchanged.
