General

  • Target: 46666096ece6d7c0d0cd3e11eb60291607362dfc6a8ed65a843c9ee0a3091177
  • Size: 184KB
  • Sample: 221225-tcr3naeg8z
  • MD5: aaa5b4869cec17f3d2b60f07ab1b2e2a
  • SHA1: 5e5f39f60d80a2590e0439a8ad73d659787b786a
  • SHA256: b048676fea3158adf7f41512c7e2710c727a6156c7ee3eee51b69c99dd27c544
  • SHA512: c56341d3c33f65a2b8a0b4a073c1e38030db2a72e6adf4f98ec95c4fd15db06c56cb64910cf9e239aafa71a701d4f06d0ec93b145dd903fa70fd06f9934d353b
  • SSDEEP: 3072:qsxQPYp+h8Rv8sze4cmWlQQMXk/A6ucLo7mN4GIafL1dKX64w6a86Xeb4mtWbSOq:w6cS8Ie4tW6QMsAnXM4GIeL464N6ubPr

Malware Config

Extracted

  • Family: redline
  • Botnet: 11
  • C2: 79.137.202.18:45218
  • Attributes
    • auth_value: 107e09eee63158d2488feb03dac75204

Targets

    • Target: 46666096ece6d7c0d0cd3e11eb60291607362dfc6a8ed65a843c9ee0a3091177
    • Size: 399KB
    • MD5: d18952fdf658225bf98f98d5f0b39b96
    • SHA1: 152d865e5a34cfc366e7b25509aadf32f4738bfb
    • SHA256: 46666096ece6d7c0d0cd3e11eb60291607362dfc6a8ed65a843c9ee0a3091177
    • SHA512: 6f8202c90afa63e0a7da6933df31b187d2f6fcf6fb9b7ae55e7720730739c161c9a9c9f0d0016f2c7a84633681f461ad9c2b9590b7ca241011fd6800a3c28e14
    • SSDEEP: 6144:56DCxLT52vMishn5u9OC9ZjYAO42SksxyBZ04gM4DkfXin8DN:56DCxLT52vMiy7W2Dwkf9N

    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • Uses the VBS compiler for execution
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique               Count  Technique ID
  Execution          Scripting               1      T1064
  Defense Evasion    Scripting               1      T1064
  Credential Access  Credentials in Files    1      T1081
  Collection         Data from Local System  1      T1005

Tasks