General

  • Target

    8dca3a599a17e965df2f19ed90133e85c13f259c9cf3f0e1a4e22c4c129b03a0

  • Size

    294KB

  • Sample

    220928-nb1qhsfff9

  • MD5

    a94848c19d127e5d21a7798922fcd2b4

  • SHA1

    dca74e2ed1ef4c4ef06970b205f893e7914ef896

  • SHA256

    8dca3a599a17e965df2f19ed90133e85c13f259c9cf3f0e1a4e22c4c129b03a0

  • SHA512

    8087d0a02d9f754b8c3c1e0e81faeca71abe42b87091f5670713d36cd231e105f777db3b0cf06dd2f9dc527f8013893070d4684d9b1a3884b65f99f3233d7fb0

  • SSDEEP

    6144:DjiY8GrWCrniq6mj/Ub+nAc0XuE9igavwVfIf:DZ11rnMmI+naXuDRf

Malware Config

Extracted

Family

redline

Botnet

insmix

C2

jamesmillion2.xyz:9420

Attributes
  • auth_value

    f388a05524f756108c9e4b0f4c4bafb6

Extracted

Family

systembc

C2

141.98.82.229:4001

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry: T1012 (1)

  • Peripheral Device Discovery: T1120 (1)

  • System Information Discovery: T1082 (1)

Tasks