General

  • Target

    a22615f728c6afca13934887a2554ac2.exe

  • Size

    1MB

  • Sample

    220823-m99weadfhk

  • MD5

    a22615f728c6afca13934887a2554ac2

  • SHA1

    590aa81a3e7c4082f50e025d83ffd44efb597d5e

  • SHA256

    e8331e9e61062bf95c5a06f24ceecb293a9f127d2a92107165f24429bd4d6ea6

  • SHA512

    850c7911c959956f14cfce5c1688fab66ac4c73b99a5f247578ac03d0b7269632549a2974ed077e24b49c6c93af6ed30565f1344fb8028b41dc80c19909d1eab

Malware Config

Extracted

Family

redline

Botnet

Install

C2

188.34.188.23:29685

Attributes
auth_value
316c7d90748b703f5cb58ce9b8b39e9f

Targets

    • Target

      a22615f728c6afca13934887a2554ac2.exe

    • Size

      1MB

    • MD5

      a22615f728c6afca13934887a2554ac2

    • SHA1

      590aa81a3e7c4082f50e025d83ffd44efb597d5e

    • SHA256

      e8331e9e61062bf95c5a06f24ceecb293a9f127d2a92107165f24429bd4d6ea6

    • SHA512

      850c7911c959956f14cfce5c1688fab66ac4c73b99a5f247578ac03d0b7269632549a2974ed077e24b49c6c93af6ed30565f1344fb8028b41dc80c19909d1eab

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Command and Control

    Credential Access

    Defense Evasion

      Discovery

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Persistence

                    Privilege Escalation