General

  • Target

    3e7038e7051f91070da933aba39a0d70b6d4ec0805f4fd4adb2222f46aab39c3

  • Size

    146KB

  • Sample

    221001-mhdnwsfha5

  • MD5

    f882f6c0b8bd0ed1fda637d8f314d255

  • SHA1

    981f1105ccbbc303c400a006b851122dbca74241

  • SHA256

    3e7038e7051f91070da933aba39a0d70b6d4ec0805f4fd4adb2222f46aab39c3

  • SHA512

    fbe43b35efa4fed01bcce9ce4475fcff22bebf1ac49a18d9d6b3581c95ce8ea16ee78c4d6b634b04a74fdf88a32726a393854ba467014064a7d35b7f2eb2d99c

Malware Config

Extracted

Family

redline

Botnet

inslab26

C2

185.182.194.25:8251

Attributes

  • auth_value: 7c9cbd0e489a3c7fd31006406cb96f5b

Extracted

Family

asyncrat

Version

0.5.7B

Botnet

Default

C2

sadcgvc.duckdns.org:6606

Attributes

  • delay: 3
  • install: false
  • install_folder: %AppData%
  • aes.plain
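The two extracted configs give a sandbox analyst exactly three network indicators to hunt with: a RedLine socket (185.182.194.25:8251) and an AsyncRAT hostname plus port (sadcgvc.duckdns.org:6606). The script below is an added example, not part of the original report, showing how those indicators are matched against Zeek-style conn.log and dns.log records. The log lines are constructed for illustration; the indicator values are the report's. The point it makes that the raw list does not: a dynamic DNS name has no fixed address, so the DNS answer must be pivoted into a socket before connection records can be matched, and a hit on the C2 address alone (wrong port) is weaker evidence than a hit on the full socket.

```python
"""Match the C2 indicators from the extracted configs above against network telemetry."""
import ipaddress

# Indicator values are the ones listed in the extracted configs above.
C2_SOCKETS = {
    ("185.182.194.25", 8251): "redline (botnet inslab26)",
    ("sadcgvc.duckdns.org", 6606): "asyncrat (botnet Default)",
}


def is_ip(value):
    """True for a literal IPv4/IPv6 address, False for a hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


# Hostname indicators: a dynamic DNS name resolves to whatever the operator points
# it at, so the address has to be learned from DNS telemetry rather than hard-coded.
C2_HOSTS = {host: (port, label) for (host, port), label in C2_SOCKETS.items() if not is_ip(host)}

# Constructed Zeek-style logs (tab-separated subsets, not from the report).
# dns.log fields: ts, src, query, qtype, answer
DNS_LOG = """\
1664620799.9\t10.0.0.5\tsadcgvc.duckdns.org\tA\t203.0.113.10
1664620799.9\t10.0.0.5\twww.example.com\tA\t93.184.216.34
"""
# conn.log fields: ts, src, sport, dst, dport, proto
CONN_LOG = """\
1664620800.1\t10.0.0.5\t50000\t185.182.194.25\t8251\ttcp
1664620801.2\t10.0.0.5\t50001\t93.184.216.34\t443\ttcp
1664620802.3\t10.0.0.7\t50002\t185.182.194.25\t443\ttcp
1664620803.4\t10.0.0.5\t50003\t203.0.113.10\t6606\ttcp
"""


def parse_tsv(text):
    return [line.split("\t") for line in text.strip().splitlines() if line and not line.startswith("#")]


def dns_hits(dns_log):
    """Return DNS queries for C2 hostnames and the sockets they resolve to."""
    hits, resolved = [], {}
    for ts, src, query, _qtype, answer in parse_tsv(dns_log):
        name = query.rstrip(".").lower()
        if name in C2_HOSTS:
            port, label = C2_HOSTS[name]
            hits.append({"ts": ts, "src": src, "query": name, "answer": answer, "label": label})
            if is_ip(answer):
                # Pivot: the resolved address on the configured port is now a full socket indicator.
                resolved[(answer, port)] = f"{label} via {name}"
    return hits, resolved


def conn_hits(conn_log, resolved=None):
    """Flag connections to known C2 sockets (high) or to a C2 address on another port (medium)."""
    sockets = dict(C2_SOCKETS)
    sockets.update(resolved or {})
    c2_addresses = {host for host, _ in sockets if is_ip(host)}
    hits = []
    for ts, src, _sport, dst, dport, _proto in parse_tsv(conn_log):
        key = (dst, int(dport))
        if key in sockets:
            hits.append({"ts": ts, "src": src, "dst": f"{dst}:{dport}",
                         "label": sockets[key], "confidence": "high"})
        elif dst in c2_addresses:
            hits.append({"ts": ts, "src": src, "dst": f"{dst}:{dport}",
                         "label": "C2 address, port not in config", "confidence": "medium"})
    return hits


if __name__ == "__main__":
    dns, resolved = dns_hits(DNS_LOG)
    for hit in dns + conn_hits(CONN_LOG, resolved):
        print(hit)
```

Run without the DNS pivot (conn_hits(CONN_LOG) alone) and the 203.0.113.10:6606 connection is missed entirely, which is why hostname indicators should always be joined against DNS telemetry before being compared with connection logs.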

Targets

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Async RAT payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill form data.

    • Uses the VBS compiler (vbc.exe) for execution

      vbc.exe is the Visual Basic .NET command-line compiler that ships with the .NET Framework, a signed Microsoft binary that loaders frequently spawn as a host for injected code.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

      The AsyncRAT C2 address above is a duckdns.org dynamic DNS hostname (sadcgvc.duckdns.org:6606).

    • Suspicious use of SetThreadContext

      Overwriting another thread's context is a common step in process injection and hollowing: the loader writes its payload into a suspended process and repoints the thread's instruction pointer at it.
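Three of the signatures above ("Executes dropped EXE", "Uses the VBS compiler for execution" and "Deletes itself") are behavioural rather than indicator based, so they can be expressed as detection logic over endpoint telemetry. The script below is an added example, not part of the original report or of the sandbox's own rules. The events are constructed Sysmon-style records with invented paths and PIDs, and the allowlist of parents that legitimately invoke vbc.exe is an assumption. It shows the correlation each signature needs: tracking which process wrote an MZ file, walking the parent chain to tie a later execution back to the dropper, and recognising a cmd.exe deleting an ancestor's image as self-deletion.

```python
"""Behavioural checks for three of the signatures above over constructed process telemetry."""
import re
from collections import defaultdict

# Assumption: parents that legitimately invoke the VB.NET compiler on a workstation.
BUILD_PARENTS = {"devenv.exe", "msbuild.exe"}

# Constructed Sysmon-style events (not from the report); paths, PIDs and names are invented.
EVENTS = [
    {"type": "process_create", "pid": 4100, "ppid": 3000,
     "image": r"C:\Users\u\Downloads\invoice.exe", "parent_image": r"C:\Windows\explorer.exe"},
    {"type": "file_create", "pid": 4100, "path": r"C:\Users\u\AppData\Local\Temp\svc.exe", "magic": "MZ"},
    {"type": "file_create", "pid": 4100, "path": r"C:\Users\u\AppData\Local\Temp\cfg.txt", "magic": "{\""},
    {"type": "process_create", "pid": 4200, "ppid": 4100,
     "image": r"C:\Users\u\AppData\Local\Temp\svc.exe", "parent_image": r"C:\Users\u\Downloads\invoice.exe"},
    {"type": "process_create", "pid": 4300, "ppid": 4200,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "parent_image": r"C:\Users\u\AppData\Local\Temp\svc.exe"},
    {"type": "process_create", "pid": 4400, "ppid": 4200,
     "image": r"C:\Windows\System32\cmd.exe", "parent_image": r"C:\Users\u\AppData\Local\Temp\svc.exe",
     "cmdline": r'cmd.exe /c timeout 3 & del "C:\Users\u\Downloads\invoice.exe"'},
    # Benign control: the same compiler launched by Visual Studio must not fire.
    {"type": "process_create", "pid": 5000, "ppid": 900,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe",
     "parent_image": r"C:\Program Files\Microsoft Visual Studio\2022\Community\Common7\IDE\devenv.exe"},
]


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def ancestors(procs, pid):
    """Walk the parent chain from pid upward through the processes seen so far."""
    seen = set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        yield procs[pid]
        pid = procs[pid]["ppid"]


def detect(events):
    """Return (pid, finding) pairs for the three behaviours, processing events in order."""
    procs, dropped, findings = {}, defaultdict(set), []
    for ev in events:
        if ev["type"] == "file_create":
            # "Downloads MZ/PE file": remember executables written by each process.
            if ev["magic"].startswith("MZ"):
                dropped[ev["pid"]].add(ev["path"].lower())
            continue
        if ev["type"] != "process_create":
            continue
        procs[ev["pid"]] = ev
        image = ev["image"].lower()
        lineage = list(ancestors(procs, ev["ppid"]))
        # "Executes dropped EXE": the new image was written earlier by an ancestor.
        if any(image in dropped[a["pid"]] for a in lineage):
            findings.append((ev["pid"], "executes dropped EXE"))
        # "Uses the VBS compiler for execution": vbc.exe outside a build tool's process tree.
        if basename(image) == "vbc.exe" and basename(ev["parent_image"]) not in BUILD_PARENTS:
            findings.append((ev["pid"], "vbc.exe launched by non-build parent"))
        # "Deletes itself": a cmd.exe deleting the on-disk image of one of its ancestors.
        cmdline = ev.get("cmdline", "").lower()
        if basename(image) == "cmd.exe" and re.search(r"\bdel\b", cmdline):
            if any(a["image"].lower() in cmdline for a in lineage):
                findings.append((ev["pid"], "deletes ancestor image (self-deletion)"))
    return findings


if __name__ == "__main__":
    for pid, finding in detect(EVENTS):
        print(pid, finding)
```

The parent-chain walk matters for the first and third checks: droppers routinely put an intermediate stage between themselves and the payload, and the "timeout then del" pattern is run by a child of the payload, not by the dropper itself.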

MITRE ATT&CK Matrix

  • Tactic columns: Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation (the matrix on this page lists no technique entries under them)