General

  • Target

    afa21b8e6cc042a3546b05712331df47c8300fc3ae3cb34dbf6dce70d9681f6a

  • Size

    403KB

  • Sample

    221226-abss1scc73

  • MD5

    949d963edbc7650225a54920c7f38bb2

  • SHA1

    1a5436b35fab4c1cc7d02a2c67ae5cd49557b5f8

  • SHA256

    afa21b8e6cc042a3546b05712331df47c8300fc3ae3cb34dbf6dce70d9681f6a

  • SHA512

    fee8ab14d6d985809998fe27ab67d325daca83285c618378ffa0b1d19b4fd417819a03e2409cbc016b5d3d58e259b97b30f040696972820f1871b86cc9cf3cee

  • SSDEEP

    6144:5HNZ37xo0++Wa/Jcupbq4C4a/Nn0AO5Q96/QjE0DqDB0tNB+ZiA/Sta:5Hf7xo0++Wa/J5EXGDoBJE

Malware Config

Extracted

  • Family

    redline

  • Botnet

    11

  • C2

    79.137.202.18:45218

Attributes

  • auth_value

    107e09eee63158d2488feb03dac75204

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Discovery

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Persistence

  • Privilege Escalation

Tasks