General

  • Target

    6c3390a343af0c88fd4cf0aabcc3f8c30e614a58d57c0ed59a8ac97e80437c90

  • Size

    128KB

  • Sample

    220927-dqcl5acdc5

  • MD5

    82d6ebc258e831548fff6fcc51ac17d5

  • SHA1

    5491b9dbf0d1331d61df2a7e381edbe735f1bae7

  • SHA256

    6c3390a343af0c88fd4cf0aabcc3f8c30e614a58d57c0ed59a8ac97e80437c90

  • SHA512

    5fabb72ff19df9d4db34553bfa5d92db22ab9f58863478d5b1db204bb140a2a1950db1005dfcfe7297ac94abda690656a54c033cf3d281e2885d172aad73a1fa

Malware Config

Extracted

Family

redline

Botnet

11

C2

77.73.134.27:7161

Attributes
auth_value
e6aadafed1fda7723d7655a5894828d2

Extracted

Family

redline

Botnet

install

C2

212.8.244.233:43690

Attributes
auth_value
cbce7277fef2185d93b8332df3940ad5

Targets

    • Target

      6c3390a343af0c88fd4cf0aabcc3f8c30e614a58d57c0ed59a8ac97e80437c90

    • Size

      128KB

    • MD5

      82d6ebc258e831548fff6fcc51ac17d5

    • SHA1

      5491b9dbf0d1331d61df2a7e381edbe735f1bae7

    • SHA256

      6c3390a343af0c88fd4cf0aabcc3f8c30e614a58d57c0ed59a8ac97e80437c90

    • SHA512

      5fabb72ff19df9d4db34553bfa5d92db22ab9f58863478d5b1db204bb140a2a1950db1005dfcfe7297ac94abda690656a54c033cf3d281e2885d172aad73a1fa

    • Detects Smokeloader packer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Command and Control

    Credential Access

    Defense Evasion

    Execution

      Exfiltration

        Impact

          Initial Access

            Lateral Movement

              Persistence

                Privilege Escalation