General

  • Target

    78e835a570494846d421d78058be5d2a.bin

  • Size

    192KB

  • Sample

    230116-zwgnxsde54

  • MD5

    db72c6a96541fd7e7ddc1ce49cdbb021

  • SHA1

    01b0f764e91d18345abb7d7c8d37a0e8373a3d4d

  • SHA256

    fae37348cfd14e65151b2a218711f3c7fb8516a9828a870aa2225694885630d4

  • SHA512

    6644f3aff7fcb137e31b2cf2d96c8f8ad6e93dce8fc63743ed87ea3f4b97b5b2bc89447a807acb0011435b1bfbd30aa5c57126139b244bc9b461ccb47e455551

  • SSDEEP

    3072:5kmd99QLUJHsiZU3g0GvLuX1gfi1wBx34sjQ32ZiNYxTtte67e2VnsP8zIR2kG3t:5kulJMAwfXG4sjXZkYrtja2Jp0DqqnuH

Malware Config

Extracted

Family

redline

Botnet

11

C2

79.137.202.18:45218

Attributes
  • auth_value

    107e09eee63158d2488feb03dac75204

Targets

    • Target

      f80b159cd3d099a3e40ff671e2544df562639dd0cda61709f9e367288140e414.exe

    • Size

      417KB

    • MD5

      78e835a570494846d421d78058be5d2a

    • SHA1

      1531d8eed6cd96b14a79d99b13a0fa62308f3beb

    • SHA256

      f80b159cd3d099a3e40ff671e2544df562639dd0cda61709f9e367288140e414

    • SHA512

      fe726b39d1dfcdd3c9954d8af71130888b48137d73ffb06a2e7c7458062e36491ca9a8c39281b6cfe9a3a002e30fabdb92f6d1d837ab279960e4ff31f55dc7a5

    • SSDEEP

      12288:9uKsohhtrUeKlL/IdaUI5Skb8oQjOi+eP1R:bBUZsdOFQjyeP1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Command and Control

    Credential Access

    Defense Evasion

    Discovery

      Execution

        Exfiltration

          Impact

            Initial Access

              Lateral Movement

                Persistence

                  Privilege Escalation

                    Tasks