General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe

  • Size

    216KB

  • Sample

    221129-s9bw9sch74

  • MD5

    34a852c0f62294480e1e6e154b00539a

  • SHA1

    6204b0e10eaf8094da16cb5ca7c325f1dbfa97f0

  • SHA256

    f461d11f2fac14f49aeedd66999b404cfce4138d27fe7e1da79f0aa85eee5149

  • SHA512

    3d1edf618361a6544937b7c2e5f74bc0d7793d5eb1738ccc3a5d47cf1819efd6ca4bd4bd55d883b7826ee59c6dd6287b5a611d4d4dcdd7a788e260a2c821bea4

  • SSDEEP

    3072:ehbc8yCxsFNcEyyrJ9WU4khLTvPZFzD0yfZNuzK/hRp1d53CDX5dINLqVqU:VCxGNp7FUyf2AhZjwINut

Malware Config

Extracted

Family

redline

Botnet

@P1

C2

193.106.191.138:32796

Attributes
  • auth_value

    54c79ce081122137049ee07c0a2f38ab

Targets

    • Target

      SecuriteInfo.com.Win32.PWSX-gen.7840.9995.exe

    • Size

      216KB

    • MD5

      34a852c0f62294480e1e6e154b00539a

    • SHA1

      6204b0e10eaf8094da16cb5ca7c325f1dbfa97f0

    • SHA256

      f461d11f2fac14f49aeedd66999b404cfce4138d27fe7e1da79f0aa85eee5149

    • SHA512

      3d1edf618361a6544937b7c2e5f74bc0d7793d5eb1738ccc3a5d47cf1819efd6ca4bd4bd55d883b7826ee59c6dd6287b5a611d4d4dcdd7a788e260a2c821bea4

    • SSDEEP

      3072:ehbc8yCxsFNcEyyrJ9WU4khLTvPZFzD0yfZNuzK/hRp1d53CDX5dINLqVqU:VCxGNp7FUyf2AhZjwINut

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scripting

1
T1064

Defense Evasion

Scripting

1
T1064

Credential Access

Credentials in Files

1
T1081

Collection

Data from Local System

1
T1005

Tasks