General

  • Target: 2a63ec67519f9fd59f54c4ed1a6a9b82ca3e7f6e29cce42b42f41d3a68f0e64a
  • Size: 147KB
  • Sample: 221001-tgadeagcc8
  • MD5: e27f77554f1a2623ad5bce9c3a7200b7
  • SHA1: 96c2d1160963618e19baeb052cf03f682edb1a4e
  • SHA256: 2a63ec67519f9fd59f54c4ed1a6a9b82ca3e7f6e29cce42b42f41d3a68f0e64a
  • SHA512: 58ebf1954b5381ed2b965fe8c526caed6a16ba5d1882826ed243caf605517386b85361e89c51dc8190c5c22a679b89ffa236566c6e432bbd33e5df04c4e462f3
  • SSDEEP: 3072:KHz4fM5+ZRAA3mb+EWmNQR7l7HgRlhlR1Aqbd:ffYyVENQR7ebl7Bd

Malware Config

Extracted

  • Family: redline
  • Botnet: inslab26
  • C2: 185.182.194.25:8251
  • Attributes
      • auth_value: 7c9cbd0e489a3c7fd31006406cb96f5b

Extracted

  • Family: redline
  • Botnet: fud
  • C2: 45.15.156.7:48638
  • Attributes
      • auth_value: da2faefdcf53c9d85fcbb82d0cbf4876

Targets

    • Target

      2a63ec67519f9fd59f54c4ed1a6a9b82ca3e7f6e29cce42b42f41d3a68f0e64a

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload
    • Downloads MZ/PE file
    • Executes dropped EXE
    • Deletes itself
    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic               Technique                      #   ID
  Credential Access    Credentials in Files           2   T1081
  Discovery            Query Registry                 2   T1012
  Discovery            System Information Discovery   2   T1082
  Discovery            Peripheral Device Discovery    1   T1120
  Collection           Data from Local System         2   T1005
  Command and Control  Web Service                    1   T1102
