Resubmissions

24-12-2024 10:34

241224-ml9kqsvnby 10

29-12-2022 00:42

221229-a2pjaaca83 10

General

  • Target

    setup_1672269576.7470105.exe

  • Size

    741.9MB

  • Sample

    221229-a2pjaaca83

  • MD5

    c2dbf7d8557eec0f260ba9d846edff99

  • SHA1

    7cd3035f2b43d4a2a24e72d8019d9d3caa6a3920

  • SHA256

    b1963e0039867cc0186325bd199ab5d26a38e8099784c7e7255d0fe38e42ac52

  • SHA512

    5886b2ba22e509c7268750e656e7fafb16bd5c05b544185326b817abbdb2d8e1bb389ce10155f74557e1d365f9e67d3fed71c56d9b539a179a67f2440f27275a

  • SSDEEP

    6144:a5YUA8cX4JrpYBzI2YsoUmpdIfIX1r0877TsT:sv2YImpGo1r0E0T

Malware Config

Extracted

Family

redline

Botnet

1086881322_99

C2

sevenways.top:3306

sevenways.top:28786

Attributes

  • auth_value

    c7b4b3ad5c912786e8dea8b34a307b0d

Targets

    • Target

      setup_1672269576.7470105.exe

    • Size

      741.9MB

    • MD5

      c2dbf7d8557eec0f260ba9d846edff99

    • SHA1

      7cd3035f2b43d4a2a24e72d8019d9d3caa6a3920

    • SHA256

      b1963e0039867cc0186325bd199ab5d26a38e8099784c7e7255d0fe38e42ac52

    • SHA512

      5886b2ba22e509c7268750e656e7fafb16bd5c05b544185326b817abbdb2d8e1bb389ce10155f74557e1d365f9e67d3fed71c56d9b539a179a67f2440f27275a

    • SSDEEP

      6144:a5YUA8cX4JrpYBzI2YsoUmpdIfIX1r0877TsT:sv2YImpGo1r0E0T

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks