General

  • Target

    d434a19741b7854ed6c3f8f4a35bfbd0400516abc2a3b6297835df01a8b660cb

  • Size

    239KB

  • Sample

    230116-pcnm1sae9t

  • MD5

    c13f79f3a549175a175e82bb335a7d08

  • SHA1

    fed1581184a575f662b234a1572b3e0a247207a8

  • SHA256

    d434a19741b7854ed6c3f8f4a35bfbd0400516abc2a3b6297835df01a8b660cb

  • SHA512

    edefd04db56d108543419e8baaf30df992108412275458568206cf8554ab098204bc536ca895f6fad5f04389e687951edb334e2467905f6aa90a471560f967cc

  • SSDEEP

    3072:kN+eckJ9E6A98QECSMHUCeDCDrD/9k6tSdtRqjtUy6XxTpfQ3Emxby1rrrrrrrrI:ockJ9zA98/0HO4tWvYsAl6rrrrrrrrI

Malware Config

Extracted

Family

redline

Botnet

1

C2

librchichelpai.shop:81

rniwondunuifac.shop:81

Attributes
  • auth_value

    b6c86adb7106e9ee7247628f59e06830

Targets

    • Target

      d434a19741b7854ed6c3f8f4a35bfbd0400516abc2a3b6297835df01a8b660cb

    • Size

      239KB

    • MD5

      c13f79f3a549175a175e82bb335a7d08

    • SHA1

      fed1581184a575f662b234a1572b3e0a247207a8

    • SHA256

      d434a19741b7854ed6c3f8f4a35bfbd0400516abc2a3b6297835df01a8b660cb

    • SHA512

      edefd04db56d108543419e8baaf30df992108412275458568206cf8554ab098204bc536ca895f6fad5f04389e687951edb334e2467905f6aa90a471560f967cc

    • SSDEEP

      3072:kN+eckJ9E6A98QECSMHUCeDCDrD/9k6tSdtRqjtUy6XxTpfQ3Emxby1rrrrrrrrI:ockJ9zA98/0HO4tWvYsAl6rrrrrrrrI

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks