General

  • Target

    96062d8acceacfd16b85960764411640718d9bc7b56cabd43cf664d07744368a

  • Size

    137KB

  • Sample

    221124-xx8spade48

  • MD5

    c8fbf7e62159275b2d13849b26341184

  • SHA1

    a1245f045d07a1edf3690b7a2e09b65036342f9a

  • SHA256

    96062d8acceacfd16b85960764411640718d9bc7b56cabd43cf664d07744368a

  • SHA512

    81b1c74d56900f034b7076091dbe2102b1a3434524b5c7d92e2310166bf6a059079181532db09a007207688a22e563f05d31081c509530ba122d1a385126c216

Malware Config

Extracted

Family

redline

Botnet

NewYear2023

C2

185.106.92.111:2510

Attributes
auth_value
99e9bde3b38509ea98c3316cc27e6106

Targets

    • Target

      96062d8acceacfd16b85960764411640718d9bc7b56cabd43cf664d07744368a

    • Size

      137KB

    • MD5

      c8fbf7e62159275b2d13849b26341184

    • SHA1

      a1245f045d07a1edf3690b7a2e09b65036342f9a

    • SHA256

      96062d8acceacfd16b85960764411640718d9bc7b56cabd43cf664d07744368a

    • SHA512

      81b1c74d56900f034b7076091dbe2102b1a3434524b5c7d92e2310166bf6a059079181532db09a007207688a22e563f05d31081c509530ba122d1a385126c216

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix

Command and Control

    Credential Access

    Defense Evasion

      Discovery

      Execution

        Exfiltration

          Impact

            Initial Access

              Lateral Movement

                Persistence

                  Privilege Escalation