General

  • Target

    b1ac2eacf8ae1475b0067ab67590f32c4bc496395ae4deef80eda2d1009d9d98

  • Size

    2.5MB

  • Sample

    221129-wldyhafb6v

  • MD5

    611e31ce10a647fa2e0387673fa63e2a

  • SHA1

    bd4d2bbc1d833064cc472d3f62f9d79208fbba41

  • SHA256

    b1ac2eacf8ae1475b0067ab67590f32c4bc496395ae4deef80eda2d1009d9d98

  • SHA512

    07026e9416520bc6e38ebe522622278126f17597905c7ea60dd9c07d595263a1c5fb3e569f1269b0bfc45b1c59dcacc5fa259556af0f759c830a9d037b53dc9b

  • SSDEEP

    24576:2RjcXgYLSaH8MlV0/AGQsHE9iWJnVo2FDq6mZC/36Kp/letoreojRqkuvgLNVuQQ:8jh3E7nVoYDv/3DpfuQNk

Malware Config

Extracted

Family

redline

Botnet

@P1

C2

193.106.191.138:32796

Attributes
  • auth_value

    54c79ce081122137049ee07c0a2f38ab

Targets

    • Target

      b1ac2eacf8ae1475b0067ab67590f32c4bc496395ae4deef80eda2d1009d9d98

    • Size

      2.5MB

    • MD5

      611e31ce10a647fa2e0387673fa63e2a

    • SHA1

      bd4d2bbc1d833064cc472d3f62f9d79208fbba41

    • SHA256

      b1ac2eacf8ae1475b0067ab67590f32c4bc496395ae4deef80eda2d1009d9d98

    • SHA512

      07026e9416520bc6e38ebe522622278126f17597905c7ea60dd9c07d595263a1c5fb3e569f1269b0bfc45b1c59dcacc5fa259556af0f759c830a9d037b53dc9b

    • SSDEEP

      24576:2RjcXgYLSaH8MlV0/AGQsHE9iWJnVo2FDq6mZC/36Kp/letoreojRqkuvgLNVuQQ:8jh3E7nVoYDv/3DpfuQNk

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scripting

1
T1064

Defense Evasion

Scripting

1
T1064

Credential Access

Credentials in Files

1
T1081

Collection

Data from Local System

1
T1005

Tasks