Resubmissions

13/10/2022, 14:01

221013-rb3fwsgff8 10

13/10/2022, 13:49

221013-q47qmsgcd2 10

12/10/2022, 16:55

221012-ve9adscdaq 10

General

  • Target

    4c596d32f75e3a84e48c36e8fc8025fd.exe

  • Size

    488KB

  • Sample

    221013-q47qmsgcd2

  • MD5

    4c596d32f75e3a84e48c36e8fc8025fd

  • SHA1

    6a03c9d53e10c752b66b677e528fbcd1a70a6d0c

  • SHA256

    f78477275d79d0eead0b62d3355df9be273518c54eeac3719a97823365cee858

  • SHA512

    0b159fe0b1766c27c89f65069fb3d33a59b3fc3efd7519629497df3ec07eda1b938819a2b0faa6cf2c305a736c3c93d409d42901c744644e11867a06bd7796c2

  • SSDEEP

    6144:k9Cq6V1jfMRWYYIveLu6SE8jvx09SJTs7ci4aMC7WGS3swOco36deigavwVfe5K0:fV1DopYIe1SE8juQOf4RCw3dJTxuuB

Malware Config

Extracted

Family

redline

Botnet

world10

C2

jamesmillion.xyz:15772

Attributes
  • auth_value

    a74a2e49cd85c6f93cb4e7fc8691721c

Targets

    • Target

      4c596d32f75e3a84e48c36e8fc8025fd.exe

    • Size

      488KB

    • MD5

      4c596d32f75e3a84e48c36e8fc8025fd

    • SHA1

      6a03c9d53e10c752b66b677e528fbcd1a70a6d0c

    • SHA256

      f78477275d79d0eead0b62d3355df9be273518c54eeac3719a97823365cee858

    • SHA512

      0b159fe0b1766c27c89f65069fb3d33a59b3fc3efd7519629497df3ec07eda1b938819a2b0faa6cf2c305a736c3c93d409d42901c744644e11867a06bd7796c2

    • SSDEEP

      6144:k9Cq6V1jfMRWYYIveLu6SE8jvx09SJTs7ci4aMC7WGS3swOco36deigavwVfe5K0:fV1DopYIe1SE8juQOf4RCw3dJTxuuB

    • Detect Neshta payload

    • Modifies system executable filetype association

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks