General

  • Target

    775f35230e0d3bd996440811af08110905803280094996a22b02f6b7b85c6b32

  • Size

    399KB

  • Sample

    221225-vjvykabg56

  • MD5

    ac508206006eb41c605373e9793e7622

  • SHA1

    3223ac24de6fd4650bbcf1495e73944085bc0e07

  • SHA256

    775f35230e0d3bd996440811af08110905803280094996a22b02f6b7b85c6b32

  • SHA512

    9aa4d2d50a915919f1f238f0838636cfa6f7fc3e634508f5a110ac4097c919d9076753612af7c2e1c9013281ca4e1a209743560d2f0f01c8c9329c47b113ba2c

  • SSDEEP

    6144:RXryh+05ufk0kBRgujnFTuSh9NjYAO8tkoFXs0dCIwWFVDN:RXryh+05ufk0kRjESimqoFXshIwWjN

Malware Config

Extracted

  • Family

    redline

  • Botnet

    11

  • C2

    79.137.202.18:45218

  • Attributes

    • auth_value

      107e09eee63158d2488feb03dac75204

Targets

    • Target

      775f35230e0d3bd996440811af08110905803280094996a22b02f6b7b85c6b32

    • Size

      399KB

    • MD5

      ac508206006eb41c605373e9793e7622

    • SHA1

      3223ac24de6fd4650bbcf1495e73944085bc0e07

    • SHA256

      775f35230e0d3bd996440811af08110905803280094996a22b02f6b7b85c6b32

    • SHA512

      9aa4d2d50a915919f1f238f0838636cfa6f7fc3e634508f5a110ac4097c919d9076753612af7c2e1c9013281ca4e1a209743560d2f0f01c8c9329c47b113ba2c

    • SSDEEP

      6144:RXryh+05ufk0kBRgujnFTuSh9NjYAO8tkoFXs0dCIwWFVDN:RXryh+05ufk0kRjESimqoFXshIwWjN

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Discovery

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Persistence

  • Privilege Escalation

Tasks