General

  • Target

    6dc0c8e8a21dfde1379366fb0f7a14da5e276bc87173dfa18fe67428f3bd3f46

  • Size

    184KB

  • Sample

    221225-wbahbsfa31

  • MD5

    d1911510f8cde6c3d8a831edeefe0383

  • SHA1

    f4d7641633e45bf865a06f4e3775dcf420323492

  • SHA256

    952dcb1819d90cb9043d9656d7f7dba4da501ce94f07066f84bdb2a79f978b8b

  • SHA512

    106ad40e8a3839db3d5bc0b314f86bb634f7bfb3621da101bec69304c60e31a48dc3a5aa9fd66ef07a6dcc65f315ab937afbdaa1530fdc37835d9c5cd98b22ee

  • SSDEEP

    3072:7CBQ/DLEJ/tXwGVDaoEtGLd0Rd18WWXth/aNj9IQGPy6919wxWFa1UPTEES11j:7CBqLQfVitykDStxBP9jdMESLj

Malware Config

Extracted

  • Family

    redline

  • Botnet

    11

  • C2

    79.137.202.18:45218

  • Attributes

      • auth_value

        107e09eee63158d2488feb03dac75204

Targets

    • Target

      6dc0c8e8a21dfde1379366fb0f7a14da5e276bc87173dfa18fe67428f3bd3f46

    • Size

      399KB

    • MD5

      bfe25c9c2514b4ba420be5b8e04b2dcc

    • SHA1

      0cb48b683468dfc76cf05388b2545ff5aa47f1e9

    • SHA256

      6dc0c8e8a21dfde1379366fb0f7a14da5e276bc87173dfa18fe67428f3bd3f46

    • SHA512

      40d49271435fe135da48554c097bab14a3bf8481d471f1c31914edf01140ff6ceda9b6c59939b64da9020a7682e31be435fdc63450899ddde92b2016f92f1d4e

    • SSDEEP

      6144:cnTC5+E5GP8MSR4X3+trN99jUAOufMQ03rNmcDN:cnTC5+E5GP8Mj3BsfMl5mcN

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                 Count   ID
  Execution           Scripting                 1       T1064
  Defense Evasion     Scripting                 1       T1064
  Credential Access   Credentials in Files      1       T1081
  Collection          Data from Local System    1       T1005
