General

  • Target

    2e6e8729d76dc13a750db437a1677e60d579f785714e7c5bbff65085be0f08bf

  • Size

    128KB

  • Sample

    220927-bqeqdadden

  • MD5

    69b8dfbd266127bac6dd9d91b268ffce

  • SHA1

    5cdc96bf8f2ff08c5a227eaea76288bb6d1fc5bc

  • SHA256

    2e6e8729d76dc13a750db437a1677e60d579f785714e7c5bbff65085be0f08bf

  • SHA512

    d8c313d5373998e609d730de17b7ada2ef5295ccbd30288c70167e2ff48e906431f124ccc1dfd85e73b7e9a8540f4bca7b1ba6a27734ad985cf0fcde75167b43

Malware Config

Extracted

Family

redline

Botnet

11

C2

77.73.134.27:7161

Attributes
auth_value
e6aadafed1fda7723d7655a5894828d2

Extracted

Family

redline

Botnet

install

C2

212.8.244.233:43690

Attributes
auth_value
cbce7277fef2185d93b8332df3940ad5

Targets

    • Target

      2e6e8729d76dc13a750db437a1677e60d579f785714e7c5bbff65085be0f08bf

    • Size

      128KB

    • MD5

      69b8dfbd266127bac6dd9d91b268ffce

    • SHA1

      5cdc96bf8f2ff08c5a227eaea76288bb6d1fc5bc

    • SHA256

      2e6e8729d76dc13a750db437a1677e60d579f785714e7c5bbff65085be0f08bf

    • SHA512

      d8c313d5373998e609d730de17b7ada2ef5295ccbd30288c70167e2ff48e906431f124ccc1dfd85e73b7e9a8540f4bca7b1ba6a27734ad985cf0fcde75167b43

    • Detects Smokeloader packer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Command and Control

    Credential Access

    Defense Evasion

    Execution

      Exfiltration

        Impact

          Initial Access

            Lateral Movement

              Persistence

                Privilege Escalation