General

  • Target

    watchdog.exe

  • Size

    2.3MB

  • Sample

    221022-e4vkjaafb8

  • MD5

    70e9d9ea20e20326b3b7aa72d0421306

  • SHA1

    fa748e956b7e30cd1e02049f80a74e0b64b69f58

  • SHA256

    94927ab5236e3207a586d7a5ae3964384907381a3d6bee138ae49093d295a5bd

  • SHA512

    a15a0b600602943355201d22c6f885ab1b6a718b3c8c2035373445dcf6c6e2c9d62bfe33e3cb8ae24e9a53cbf4657e697ac1265386e2987be67a6742540e32c6

  • SSDEEP

    24576:CLVfYsYskxXqMs+IYzSuAp+1JP0GxVWEAfhGL6aSljl3RuQ55313y:CLv+P/VWEAfhGqjl3Q

Malware Config

Extracted

Family

redline

Botnet

875784825

C2

79.137.192.6:8362

Targets

    • Target

      watchdog.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Execution
    Scripting (1) T1064
    Scheduled Task (1) T1053

  • Persistence
    Scheduled Task (1) T1053

  • Privilege Escalation
    Scheduled Task (1) T1053

  • Defense Evasion
    Scripting (1) T1064

  • Credential Access
    Credentials in Files (1) T1081

  • Collection
    Data from Local System (1) T1005

Tasks