General

  • Target

    a3679e6c9bffd5313696c15aea5074be0aa0533ee1b6419ec06969a720be6951

  • Size

    343KB

  • Sample

    221206-eyz8tshd63

  • MD5

    b78af653a842b7b6c6c933a017e7a739

  • SHA1

    cfb6d102f411e5d98b81c6a541d415eedd8c6117

  • SHA256

    a3679e6c9bffd5313696c15aea5074be0aa0533ee1b6419ec06969a720be6951

  • SHA512

    afed350599526ecb11af07c44edffa555352b0d55ce70efd07e7b1b590c35ecce79ad0fd0da830f9a84e35f4c85e5f16cf1d08b082ca13708a7ffcdcec7a1bb5

  • SSDEEP

    3072:4d60Lv/51lTrToz86kRjpypcXmdy43rBClEPJ8fteIcFR/51e5BC3TXcne94rVLs:4d60jB1lnTXXmdy43rBBh7R/amTS6FhT

Malware Config

Extracted

  • Family

    redline

  • C2

    31.41.244.185:29803

  • Attributes

    auth_value: 175af2c72516994a3af8e3bbf9479608

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scripting, T1064 (1 detection)

  • Defense Evasion: Scripting, T1064 (1 detection)

  • Credential Access: Credentials in Files, T1081 (1 detection)

  • Collection: Data from Local System, T1005 (1 detection)
