Resubmissions

  • 29-11-2022 18:36   221129-w9c14shd6t   score 10
  • 29-11-2022 18:34   221129-w72axshc5v   score 10

General

  • Target: driver.exe
  • Size: 2.5MB
  • Sample: 221129-w9c14shd6t
  • MD5: 3a3fa6e19b606f700fa5a0d238de8915
  • SHA1: 6211694e6cd50584f368b87f7c69bf2eda502c90
  • SHA256: 1fc42b8450c8ffb2c4189e3064cd08edf0ff3259e9ccbb635dde6ae0782eae1a
  • SHA512: 83c2c913f5147341c5334b05b207715e648b9778f1cd1a7af6888f714e7fe04585ba21cd9440a7a3e8c280c99acc8f8a397a400897ebae0fb0ecb60320eaf48b
  • SSDEEP: 24576:KxTo3fi6zSaHcsFV03AQgs5ehYWTnxoQ/D2+mpS/5sqR91ldaHQqenA4jBmkg1gU:IT22ZePnxogDP/5fF7aHGg0j0

Malware Config

Extracted

  • Family: redline
  • C2: 45.15.157.131:36457
  • Attributes
      ◦ auth_value: c3342eec6a24dd88f1e2d37af96605d8

Targets

    • Target: driver.exe
    • Size: 2.5MB
    • MD5: 3a3fa6e19b606f700fa5a0d238de8915
    • SHA1: 6211694e6cd50584f368b87f7c69bf2eda502c90
    • SHA256: 1fc42b8450c8ffb2c4189e3064cd08edf0ff3259e9ccbb635dde6ae0782eae1a
    • SHA512: 83c2c913f5147341c5334b05b207715e648b9778f1cd1a7af6888f714e7fe04585ba21cd9440a7a3e8c280c99acc8f8a397a400897ebae0fb0ecb60320eaf48b
    • SSDEEP: 24576:KxTo3fi6zSaHcsFV03AQgs5ehYWTnxoQ/D2+mpS/5sqR91ldaHQqenA4jBmkg1gU:IT22ZePnxogDP/5fF7aHGg0j0

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020. It collects saved browser credentials, cookies, cryptocurrency wallet files and system information and sends them to the configured C2.

    • RedLine payload

    • Uses the VBS compiler for execution (vbc.exe, the Visual Basic .NET compiler shipped with the .NET Framework; RedLine launches a copy of it as the host process for its injected payload, so a vbc.exe spawned by something other than build tooling is the thing to look for)

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext (together with the vbc.exe launch above, this is the usual process-hollowing pattern: the child is started suspended, its memory is overwritten with the payload, and its thread context is rewritten to point at the injected entry point before it is resumed)
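The report's indicators are only useful if they can be turned into something that runs against host telemetry. As an added example, not part of this sandbox report or of any vendor tooling, the Python below matches the file hashes, the C2 endpoint and the vbc.exe hosting behaviour from the sections above against a stream of Sysmon-style events. The event records are constructed for illustration in a Sysmon-like key=value layout (EventID 1 process creation with a Hashes field, EventID 3 network connection); the list of benign vbc.exe parents is an assumption to be tuned per environment. Sysmon's Hashes field carries MD5, SHA1 and SHA256 (plus IMPHASH) but not SHA512 or ssdeep, so only the first three digests from the report are used.

```python
"""Match this report's RedLine indicators against a Sysmon-style event stream.

Added example, not part of the sandbox report. Event records are
constructed for illustration in a Sysmon-like key=value layout (EventID 1
process creation with a Hashes field, EventID 3 network connection).
"""
import re

# Indicators taken from the report above. Sysmon's Hashes field carries
# MD5/SHA1/SHA256 (and IMPHASH), not SHA512 or ssdeep, so only these three
# digests are usable for host-side matching.
SAMPLE_HASHES = {
    "MD5": "3a3fa6e19b606f700fa5a0d238de8915",
    "SHA1": "6211694e6cd50584f368b87f7c69bf2eda502c90",
    "SHA256": "1fc42b8450c8ffb2c4189e3064cd08edf0ff3259e9ccbb635dde6ae0782eae1a",
}
C2_IP, C2_PORT = "45.15.157.131", "36457"

# The "VBS compiler" signature refers to vbc.exe, the Visual Basic .NET
# compiler, which RedLine launches as a host for its injected payload.
# Benign launches come from build tooling, so the parent process is the
# discriminator. The parent list is an assumption; tune it per environment.
HOST_PROCESSES = {"vbc.exe"}
BENIGN_PARENTS = {"msbuild.exe", "devenv.exe", "csc.exe"}

_FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line):
    """Turn 'Key=value Key="quoted value"' into a dict; split the Hashes field."""
    ev = {k: v.strip('"') for k, v in _FIELD.findall(line)}
    if "Hashes" in ev:
        ev["Hashes"] = dict(part.split("=", 1) for part in ev["Hashes"].split(","))
    return ev


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def check(ev):
    """Return the list of indicator hits for one parsed event."""
    hits = []
    if ev.get("EventID") == "1":
        hashes = ev.get("Hashes", {})
        for algo, digest in SAMPLE_HASHES.items():
            if hashes.get(algo, "").lower() == digest:
                hits.append(f"known RedLine sample ({algo} match): {ev.get('Image')}")
                break
        image = _basename(ev.get("Image", ""))
        parent = _basename(ev.get("ParentImage", ""))
        if image in HOST_PROCESSES and parent not in BENIGN_PARENTS:
            hits.append(f"{image} spawned by {parent}: possible hollowed .NET host")
    elif ev.get("EventID") == "3":
        if ev.get("DestinationIp") == C2_IP and ev.get("DestinationPort") == C2_PORT:
            hits.append(f"connection to RedLine C2 {C2_IP}:{C2_PORT} "
                        f"from {_basename(ev.get('Image', ''))}")
    return hits


def triage(lines):
    """Return (line number, hit) pairs for every indicator hit in the stream."""
    return [(n, hit) for n, line in enumerate(lines, 1) for hit in check(parse_event(line))]


# Constructed events: the first mirrors the sample in this report, the
# second and fourth mirror the vbc.exe hosting and C2 beacon the report's
# signatures describe, the third and fifth are benign controls.
EVENTS = [
    r'EventID=1 Image="C:\Users\lab\Downloads\driver.exe" ParentImage="C:\Windows\explorer.exe" '
    r'Hashes=MD5=3A3FA6E19B606F700FA5A0D238DE8915,SHA256=1FC42B8450C8FFB2C4189E3064CD08EDF0FF3259E9CCBB635DDE6AE0782EAE1A',
    r'EventID=1 Image="C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe" '
    r'ParentImage="C:\Users\lab\Downloads\driver.exe" Hashes=MD5=00000000000000000000000000000000',
    r'EventID=1 Image="C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe" '
    r'ParentImage="C:\Program Files\Microsoft Visual Studio\2022\Community\MSBuild\Current\Bin\MSBuild.exe" '
    r'Hashes=MD5=00000000000000000000000000000000',
    r'EventID=3 Image="C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe" '
    r'DestinationIp=45.15.157.131 DestinationPort=36457',
    r'EventID=3 Image="C:\Program Files\Mozilla Firefox\firefox.exe" DestinationIp=93.184.216.34 DestinationPort=443',
]

if __name__ == "__main__":
    for n, hit in triage(EVENTS):
        print(f"event {n}: {hit}")
```

Run stand-alone it reports three hits: the dropper by hash, vbc.exe spawned by the dropper, and the beacon to 45.15.157.131:36457 from vbc.exe; the MSBuild-launched vbc.exe and the browser connection are left alone. The hash match catches this exact file only, so the parent-child rule and the C2 rule are the ones that survive a recompiled sample.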

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                      Count   ID
  Execution           Scripting                      1       T1064
  Defense Evasion     Scripting                      1       T1064
  Credential Access   Credentials in Files           1       T1081
  Discovery           Query Registry                 1       T1012
  Discovery           Peripheral Device Discovery    1       T1120
  Discovery           System Information Discovery   1       T1082
  Collection          Data from Local System         1       T1005

The mapping uses ATT&CK v6 IDs. In current ATT&CK versions T1064 (Scripting) is deprecated in favour of T1059 (Command and Scripting Interpreter) and T1081 (Credentials in Files) has become sub-technique T1552.001 (Unsecured Credentials: Credentials In Files); translate before correlating with other tooling.

Tasks