General

  • Target

    9f8a1f56a75fcbae6a2a52fe6e74f00585e28b6aa8c02e380fb9a114d218c1d3

  • Size

    2MB

  • Sample

    221001-h97ntsgfdr

  • MD5

    48545b3a32bc83046785f5ef2cacb8f7

  • SHA1

    9e8cdfd6e5497c7a5b16792824fc5c9489c559b5

  • SHA256

    9f8a1f56a75fcbae6a2a52fe6e74f00585e28b6aa8c02e380fb9a114d218c1d3

  • SHA512

    8a6c5643f27967e2998ce93ceb57c9289ea0cf63d3d673b3f3a6b0815c3e87ac52eb7d3fab108a1d1a6bb6fbd106c43c33bde1817f697eb8301ff74f2c696aa9

Malware Config

Extracted

Family

redline

Botnet

TORRENTOLD

C2

amrican-sport-live-stream.cc:4581

Attributes
auth_value
74e1b58bf920611f04c0e3919954fe05

Targets

    • Target

      9f8a1f56a75fcbae6a2a52fe6e74f00585e28b6aa8c02e380fb9a114d218c1d3

    • Size

      2MB

    • MD5

      48545b3a32bc83046785f5ef2cacb8f7

    • SHA1

      9e8cdfd6e5497c7a5b16792824fc5c9489c559b5

    • SHA256

      9f8a1f56a75fcbae6a2a52fe6e74f00585e28b6aa8c02e380fb9a114d218c1d3

    • SHA512

      8a6c5643f27967e2998ce93ceb57c9289ea0cf63d3d673b3f3a6b0815c3e87ac52eb7d3fab108a1d1a6bb6fbd106c43c33bde1817f697eb8301ff74f2c696aa9

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • Modifies WinLogon for persistence

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Async RAT payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Command and Control

    Credential Access

    Defense Evasion

    Execution

      Exfiltration

        Impact

          Initial Access

            Lateral Movement

              Persistence

              Privilege Escalation