General

  • Target

    file.exe

  • Size

    1.1MB

  • Sample

    221114-2d8qssdh99

  • MD5

    5e7c07b9aa0668fa2971747bb4fade1e

  • SHA1

    7fae544f73f2a8fb7a340a20ec47f76370fbd487

  • SHA256

    431a1c4ceae3411f5476eed27fc30ebd55138afb4c4e9dac3db9d4b8addbb361

  • SHA512

    5c9c65c99f0c8a5aaa2beac1a0c4304a1cb2ea808eeb6bbe11c2852d6e9fbad8bb68faa5f778848dade617e1c5ee1fb9dae566d7a064b05fdaa30a03019b868f

  • SSDEEP

    24576:UFN0MuPkLGGnOSibw038m26NvoxP9pR3asqdKX+iu+dLP22ALaCET:GWkBSTNqxP9f3aDi+iugT

Malware Config

Extracted

  • Family

    redline

  • Botnet

    rozena1114

  • C2

    jalocliche.xyz:81
    chardhesha.xyz:81

  • Attributes

    auth_value: 9fefd743a3b62bcd7c3e17a70fbdb3a8
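The file hashes and the extracted C2 endpoints above are the indicators a responder would hunt with; the script below turns them into a hunt over sample telemetry. This is an added example, not part of the sandbox report or of any RedLine tooling. The EDR and network log layouts, the hostnames ws-17 and ws-22, and the log lines themselves are constructed assumptions for illustration; only the hashes and C2 hosts are taken from the report.

```python
"""Turn the IOCs from this report into a hunt over sample telemetry.

Added example for this page, not part of the sandbox report or of any
RedLine tooling. The two log layouts below are assumptions constructed
for illustration; adapt the parsers to whatever your EDR and proxy emit.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass

# Indicators copied from the report above.
FILE_HASHES = {
    "md5": "5e7c07b9aa0668fa2971747bb4fade1e",
    "sha1": "7fae544f73f2a8fb7a340a20ec47f76370fbd487",
    "sha256": "431a1c4ceae3411f5476eed27fc30ebd55138afb4c4e9dac3db9d4b8addbb361",
}
C2_ENDPOINTS = {("jalocliche.xyz", 81), ("chardhesha.xyz", 81)}
C2_DOMAINS = {host for host, _ in C2_ENDPOINTS}

# Constructed sample telemetry (assumed layouts, not real logs):
#   EDR feed:     <timestamp> <host> <event> <sha256>
#   Network feed: <timestamp> <host> dns|conn <destination> <port>
EDR_LOG = """\
2022-11-14T10:01:02Z ws-17 file_create 431a1c4ceae3411f5476eed27fc30ebd55138afb4c4e9dac3db9d4b8addbb361
2022-11-14T10:01:09Z ws-17 file_create 9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
2022-11-14T10:03:44Z ws-22 file_create 431A1C4CEAE3411F5476EED27FC30EBD55138AFB4C4E9DAC3DB9D4B8ADDBB361
"""
NET_LOG = """\
2022-11-14T10:01:15Z ws-17 dns  jalocliche.xyz  53
2022-11-14T10:01:16Z ws-17 conn jalocliche.xyz  81
2022-11-14T10:01:20Z ws-17 conn cdn.example.com 443
2022-11-14T10:05:02Z ws-22 conn chardhesha.xyz  80
2022-11-14T10:05:03Z ws-22 conn chardhesha.xyz. 81
"""


@dataclass(frozen=True)
class Hit:
    host: str
    when: str
    kind: str       # "file", "dns", "c2" (exact host:port) or "c2-domain"
    indicator: str


def identify_sample(data: bytes) -> dict[str, bool]:
    """Compare a blob you hold against every hash the report lists."""
    return {
        algo: hashlib.new(algo, data).hexdigest() == expected
        for algo, expected in FILE_HASHES.items()
    }


def match_hash_events(log: str) -> list[Hit]:
    """Flag EDR events whose SHA-256 matches the sample, case-insensitively."""
    hits = []
    for line in log.splitlines():
        when, host, event, digest = line.split()
        digest = digest.lower()          # sensors disagree on hex case
        if digest == FILE_HASHES["sha256"]:
            hits.append(Hit(host, when, "file", f"{event} {digest[:12]}"))
    return hits


def match_network_events(log: str) -> list[Hit]:
    """Flag DNS lookups and connections to the extracted C2 hosts.

    An exact host:port match is reported as "c2"; the same domain on a
    different port is still worth a look (operators rotate ports), so it
    is reported separately as "c2-domain" rather than dropped.
    """
    hits = []
    for line in log.splitlines():
        when, host, kind, dest, port = line.split()
        dest = dest.lower().rstrip(".")  # normalise FQDN trailing dot
        if dest not in C2_DOMAINS:
            continue
        if kind == "dns":
            hits.append(Hit(host, when, "dns", dest))
        elif (dest, int(port)) in C2_ENDPOINTS:
            hits.append(Hit(host, when, "c2", f"{dest}:{port}"))
        else:
            hits.append(Hit(host, when, "c2-domain", f"{dest}:{port}"))
    return hits


def triage(edr_log: str, net_log: str) -> dict[str, list[str]]:
    """Group all hits per host so file and network evidence land together."""
    by_host: dict[str, list[str]] = {}
    for hit in match_hash_events(edr_log) + match_network_events(net_log):
        by_host.setdefault(hit.host, []).append(f"{hit.when} {hit.kind} {hit.indicator}")
    return {host: sorted(lines) for host, lines in sorted(by_host.items())}


if __name__ == "__main__":
    for host, evidence in triage(EDR_LOG, NET_LOG).items():
        print(host)
        for line in evidence:
            print("   ", line)
```

Running it groups the evidence per host: ws-17 shows the dropped file followed by the DNS lookup and the connection to port 81, which is the full chain the report describes; ws-22 shows the same file plus a connection to chardhesha.xyz on port 80, which is kept as a lower-confidence "c2-domain" hit because only the port differs from the extracted config.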

Targets

    • Target

      file.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique               Count  ID
  Credential Access  Credentials in Files    1      T1081
  Collection         Data from Local System  1      T1005

The IDs follow ATT&CK v6, which this report is mapped against. In the current ATT&CK matrix T1081 has been retired and its content lives under T1552.001 (Unsecured Credentials: Credentials In Files); T1005 is unchanged.
