General

  • Target

    file

  • Size

    271KB

  • Sample

    221111-cdvrhaabgk

  • MD5

    36c51c0d146dbe9024e34b251421a72e

  • SHA1

    54e5325e012106703cd432d7568f974bd115a337

  • SHA256

    0ce402cf92619e1d76d785c01928ec54abcb73933bde93ef33bec31c6ec825f8

  • SHA512

    1d0d9f18510d32367dbb929ab2d8db74bd50fe0a07c19b3d860475f1e83ed8d3e2c0d3f925044243271f7b01b0fc1dcd2a49865ce6786ff8127df3c67b0c1687

  • SSDEEP

    3072:A5m+sPa0rSqvWxPtdlROun6IQiWxh4WZ9bOTTmofHsEUv/f:+sPa0rLw7Wu6ItWxhl9w6YU/f

Malware Config

Extracted

  • Family

    redline

  • Botnet

    PerseCloud Logs

  • C2

    151.80.89.227:45878

  • Attributes

    auth_value: f35e78a6b4be27a5c8621510cdcfa361

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Execution: Scripting, T1064 (1)

  • Defense Evasion: Scripting, T1064 (1)

  • Credential Access: Credentials in Files, T1081 (1)

  • Collection: Data from Local System, T1005 (1)

Tasks