General

  • Target: 6dc0c8e8a21dfde1379366fb0f7a14da5e276bc87173dfa18fe67428f3bd3f46
  • Size: 184KB
  • Sample: 221225-tave1abf98
  • MD5: 277d20ee5e9f4a6ab62990441bd12e22
  • SHA1: 15e08d7900176007c6983016df5808d5555c1ac3
  • SHA256: 68925b75b27024c8188cc906db3437cb3b1d5a6c86809b23cb2c07b36033462b
  • SHA512: e1f9cb2045df4642c0898b1a7eaf94e3f097c171a017083a99e75ada8fe59915cfa6ed107e28080c57e22e478b811136d407db162341c2816adaeef45ef9c4a7
  • SSDEEP: 3072:FCBQ/DLEJ/tXwGVDaoEtGLd0Rd18WWXth/aNj9IQGPy6919wxWFa1UPTEES11Z:FCBqLQfVitykDStxBP9jdMESLZ

Malware Config

Extracted

  • Family: redline
  • Botnet: 11
  • C2: 79.137.202.18:45218
  • Attributes
    • auth_value: 107e09eee63158d2488feb03dac75204

Targets

  • Target: 6dc0c8e8a21dfde1379366fb0f7a14da5e276bc87173dfa18fe67428f3bd3f46
  • Size: 399KB
  • MD5: bfe25c9c2514b4ba420be5b8e04b2dcc
  • SHA1: 0cb48b683468dfc76cf05388b2545ff5aa47f1e9
  • SHA256: 6dc0c8e8a21dfde1379366fb0f7a14da5e276bc87173dfa18fe67428f3bd3f46
  • SHA512: 40d49271435fe135da48554c097bab14a3bf8481d471f1c31914edf01140ff6ceda9b6c59939b64da9020a7682e31be435fdc63450899ddde92b2016f92f1d4e
  • SSDEEP: 6144:cnTC5+E5GP8MSR4X3+trN99jUAOufMQ03rNmcDN:cnTC5+E5GP8Mj3BsfMl5mcN

  Signatures

  • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  • Uses the VBS compiler for execution
  • Accesses cryptocurrency files/wallets, possible credential harvesting
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scripting, T1064 (1)
  • Defense Evasion: Scripting, T1064 (1)
  • Credential Access: Credentials in Files, T1081 (1)
  • Collection: Data from Local System, T1005 (1)

Tasks