General

  • Target

    0fdeafeda5401dd9a63c5d2b3297af4a0c55acb3eacd415f26b48698209c1f4a

  • Size

    129KB

  • Sample

    220926-1g731acae5

  • MD5

    dee926d270f9fafad58ac3b23556c6c8

  • SHA1

    4bf63b928e7e921cb872fd9037fc2e52d73ad7d9

  • SHA256

    0fdeafeda5401dd9a63c5d2b3297af4a0c55acb3eacd415f26b48698209c1f4a

  • SHA512

    63334c471cb558e7f1c828911d36814c8bc155396ea00c56b09283f1c6c379e16fbb40b3025b837fab61521abfa74abee4b27c10feb28d4b2631ce3afa4df7cf

  • SSDEEP

    3072:2o8gydZjcJUhT55WW/wUXlQ1pCkhqWTAA4G18uA4gAvx15B:2eojc2N/wXH7BTx4G17AK

Malware Config

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @mr_golds)

C2

77.73.134.27:7161

Attributes
  • auth_value

    4b2de03af6b6ac513ac597c2e6c1ad51

Extracted

Family

redline

Botnet

inslab26

C2

185.182.194.25:8251

Attributes
  • auth_value

    7c9cbd0e489a3c7fd31006406cb96f5b

Targets

    • Target

      0fdeafeda5401dd9a63c5d2b3297af4a0c55acb3eacd415f26b48698209c1f4a

    • Size

      129KB

    • MD5

      dee926d270f9fafad58ac3b23556c6c8

    • SHA1

      4bf63b928e7e921cb872fd9037fc2e52d73ad7d9

    • SHA256

      0fdeafeda5401dd9a63c5d2b3297af4a0c55acb3eacd415f26b48698209c1f4a

    • SHA512

      63334c471cb558e7f1c828911d36814c8bc155396ea00c56b09283f1c6c379e16fbb40b3025b837fab61521abfa74abee4b27c10feb28d4b2631ce3afa4df7cf

    • SSDEEP

      3072:2o8gydZjcJUhT55WW/wUXlQ1pCkhqWTAA4G18uA4gAvx15B:2eojc2N/wXH7BTx4G17AK

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Collection

Data from Local System

2
T1005

Tasks