General

  • Target

    0b631c4fb431d496b31c1381376f7e70.exe

  • Size

    1.3MB

  • Sample

    220917-e7874ahbd2

  • MD5

    0b631c4fb431d496b31c1381376f7e70

  • SHA1

    48f24368aefd0f53a418627a2e36a05fcd391ac5

  • SHA256

    b3f2f31bff8ef9370d05c3b1f0ac28acd50870e35f20c96e8336585d8a3a97a4

  • SHA512

    6f7aa06358f836777dd8fa886a51145a0b46fac485423a3b4e0a8f7d7e54c75710296ef288f31f3271f00349fa1d34787a7b536f2488d46f79dbbf4a36050a41

  • SSDEEP

    24576:imHhScn10aEUYTYmhYvrYIMLFdC8uuIRsFIT3LS:imBScn10a3FdRsFIT3L

Malware Config

Extracted

Family

redline

Botnet

5

C2

5.61.49.60:1446

Attributes
  • auth_value

    9efbb486a7fa97e03174517a775da52c

Targets

    • Target

      0b631c4fb431d496b31c1381376f7e70.exe

    • Size

      1.3MB

    • MD5

      0b631c4fb431d496b31c1381376f7e70

    • SHA1

      48f24368aefd0f53a418627a2e36a05fcd391ac5

    • SHA256

      b3f2f31bff8ef9370d05c3b1f0ac28acd50870e35f20c96e8336585d8a3a97a4

    • SHA512

      6f7aa06358f836777dd8fa886a51145a0b46fac485423a3b4e0a8f7d7e54c75710296ef288f31f3271f00349fa1d34787a7b536f2488d46f79dbbf4a36050a41

    • SSDEEP

      24576:imHhScn10aEUYTYmhYvrYIMLFdC8uuIRsFIT3LS:imBScn10a3FdRsFIT3L

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

1
T1081

Collection

Data from Local System

1
T1005

Tasks