General

  • Target

    watchdog.exe

  • Size

    2.6MB

  • Sample

    221020-31x39accf7

  • MD5

    683d11458e44a8f700b04c3694710d7c

  • SHA1

    6eb33d062195d74648ea122daced528c2a05d7e0

  • SHA256

    73cd7f8cca43940c0f4f0234b7e32c6f17c2d2c3af810f5ea936a8cfbaa95c2a

  • SHA512

    fc0f08fb9b4816d2a993c2e0729add84f965c045009a6e261d43bd6e3a8b9bcbaf6e0bf5f6a84bc84356bc7a0c290a3b0934bdcb167428d4a874924ef925b851

  • SSDEEP

    49152:Iws0JBto87d2cl1UzJ2UjZUN354zNstjl3R:Iws0JBto87d2cl1EJ2FIzNst/

Malware Config

Extracted

Family

redline

Botnet

875784825

C2

79.137.192.6:8362

Targets

    • Target

      watchdog.exe

    • Size

      2.6MB

    • MD5

      683d11458e44a8f700b04c3694710d7c

    • SHA1

      6eb33d062195d74648ea122daced528c2a05d7e0

    • SHA256

      73cd7f8cca43940c0f4f0234b7e32c6f17c2d2c3af810f5ea936a8cfbaa95c2a

    • SHA512

      fc0f08fb9b4816d2a993c2e0729add84f965c045009a6e261d43bd6e3a8b9bcbaf6e0bf5f6a84bc84356bc7a0c290a3b0934bdcb167428d4a874924ef925b851

    • SSDEEP

      49152:Iws0JBto87d2cl1UzJ2UjZUN354zNstjl3R:Iws0JBto87d2cl1EJ2FIzNst/

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scripting

1
T1064

Defense Evasion

Scripting

1
T1064

Credential Access

Credentials in Files

1
T1081

Collection

Data from Local System

1
T1005

Tasks