General

  • Target

    3121319197d74f5566275fed514d2fcc301bba22c7c687946401c9feaed2667f

  • Size

    180KB

  • Sample

    221224-w2tnwsde9x

  • MD5

    5d8ad95c249706b050d8619574bf2528

  • SHA1

    cf6d0518e95d9a8a435006619575c64a816e906b

  • SHA256

    1aec51c4aa03a1ae2999ffe80c1d0f123a4ccf84407d2deb0c30256454bae889

  • SHA512

    48080a2ea6f6d8fac168b6afd31e9ae92f2e1a7acf303866a9caf5a27c443e342aa9dba65f39a1204d2c7aad64b65a7ba36d01955354f2fcfe38f0c7f7c7eeec

  • SSDEEP

    3072:w1vMVVfeB/cjt+AIdvahbexmZWcJffYmNCVRAQyLCXafBelbA+y:w1CVfeB/cwA9hei9wmNCr7yLCIBelbny

Malware Config

Extracted

Family

redline

Botnet

11

C2

79.137.202.18:45218

Attributes
  • auth_value

    107e09eee63158d2488feb03dac75204

Targets

    • Target

      3121319197d74f5566275fed514d2fcc301bba22c7c687946401c9feaed2667f

    • Size

      386KB

    • MD5

      cf15fbdc9ee423a036182972c85601ad

    • SHA1

      8fda4b5d42ed10c6d1c7021e70498233b33713f0

    • SHA256

      3121319197d74f5566275fed514d2fcc301bba22c7c687946401c9feaed2667f

    • SHA512

      ee35d6d68eae7ff6952a9a3c251e0011eda51dabf2d298475a3e276e962f8f084868c8d4b9d505f02b6f18f5b3424792d3e104a5d3b1e88d69bdf7804de7f4e1

    • SSDEEP

      12288:+RRMyUvkLk2zVcOjZh1rskSnQ4DJW0Wrf0S+n9dDuu788Xzwlrz2lB4ung2oonKo:+RWvr8B1skSnQ4DJW0Wrf0S+n9dDuu7D

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scripting

1
T1064

Defense Evasion

Scripting

1
T1064

Credential Access

Credentials in Files

1
T1081

Collection

Data from Local System

1
T1005

Tasks