General

  • Target

    505509de0eccbd99559118cc90f42f5618c68827d963394afdef810c7fc3b2f1

  • Size

    184KB

  • Sample

    221225-wzdvnafa6z

  • MD5

    e574b3fb833124fb2e532611aa9b683b

  • SHA1

    8de194c0b5c47b782570ed6b33778b9d37cda866

  • SHA256

    2ae0029f6fea41c7d8ca9a4e0ad8cec0a5519d02cf34be7f76d0617ac5569b2a

  • SHA512

    7bdea1e0224fecb0f49b9888d86eca3244c4eb7343d5240580ee779d96c5cf154f96506f98f16da57c1b2c14910510992fad5e828df97409eddec9c289600538

  • SSDEEP

    3072:WDHJflUXx4+6cHzXzxRV/k+xhJL3LR+3nXva5J6fjWU5vH+QQ6PW5/Wp+a:Idqx4cXdr8+xhNqnXva5qjWmvy6Cu8a

Malware Config

Extracted

Family

redline

Botnet

11

C2

79.137.202.18:45218

Attributes
  • auth_value

    107e09eee63158d2488feb03dac75204

Targets

    • Target

      505509de0eccbd99559118cc90f42f5618c68827d963394afdef810c7fc3b2f1

    • Size

      399KB

    • MD5

      0ea45bddb097b50c089bea5ae3f5a6fd

    • SHA1

      4a9755d1e363803087d8f2c77d2c3cc5804196e2

    • SHA256

      505509de0eccbd99559118cc90f42f5618c68827d963394afdef810c7fc3b2f1

    • SHA512

      f70607e01a2b8fa2d60f54cace041ed12a3610d94f4e30f84b5b7cc7b48ae1c7725eb8aa69ea2aa5d3261bd772d239a7792c7817a0aac46e3e5702cb0184aad5

    • SSDEEP

      6144:p6DCxLT52vMishn5u9OC9ZjYAOkuXFGvNCy7QRO8GjTKXe/kXDN:p6DCxLT52vMiy7yuVfRO/TWN

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Command and Control

    Credential Access

    Defense Evasion

    Discovery

      Execution

        Exfiltration

          Impact

            Initial Access

              Lateral Movement

                Persistence

                  Privilege Escalation

                    Tasks