General

  • Target

    0f679420cfdca278cc906fe0304a14cd.exe

  • Size

    2.4MB

  • Sample

    220706-wevbxafeep

  • MD5

    0f679420cfdca278cc906fe0304a14cd

  • SHA1

    5e64da534eaeee4dbae4591a1fd10d0e9e7134b6

  • SHA256

    466d8ee83aa0e9197e9135b845fab890eb7ca3ad04c9060404cd9a25ab844600

  • SHA512

    f0373469f21631651eb557e80e076231b3f58ab0473f7b87747d473858c2d25b2d81c14b4d49741a544d8b321cd963f6a6f35f425ef5890eda68e4de88944110

Malware Config

Extracted

Family

redline

C2

213.226.123.155:2014

Attributes

  • auth_value

    acc89c018dd09af2c4427effeca07a04

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 1

  • Collection

    Data from Local System (T1005): 1