General

  • Target

    7ecebd28e0b5a7913e7523e6ff6f5fe9.exe

  • Size

    1.2MB

  • Sample

    221115-3y1flacd3t

  • MD5

    7ecebd28e0b5a7913e7523e6ff6f5fe9

  • SHA1

    c16f9b7c14c037ab414be6f8d70e8e600c30c99c

  • SHA256

    b68102eac02c085ecd5827133a4923806e23b9d5548206103759b7de28357a05

  • SHA512

    c6e8aac4bf0645bf66d84d4a9e53437d857893911fa6a0b850ca660094c450b90e9f650b793830e2e4653e48649c5504dcab259ea8d49ee3683fffab85ed06ae

  • SSDEEP

    24576:TC1IY8Y04oieNMgPAQMuPkVZq79sR0D/7vUy0:TCCBVJsisy0

Malware Config

Extracted

  • Family

    redline

  • Botnet

    love

  • C2

    45.15.157.0:22789

  • Attributes

    auth_value: f2b8ce19d1b1584a3972de28dfe5bf40

Targets

    • Target

      7ecebd28e0b5a7913e7523e6ff6f5fe9.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access: Credentials in Files, T1081 (1)

  • Collection: Data from Local System, T1005 (1)

Tasks