General

  • Target

    file.exe

  • Size

    558KB

  • Sample

    230125-mhntvshd31

  • MD5

    e97323e7179ec5b50092db05784cae8d

  • SHA1

    4881f0be7a06949eb8bccb0d056aafa7423fac87

  • SHA256

    8860322da9acde535927b05c46775e527b499330765d098d5d8ff8db790e6563

  • SHA512

    28da99924744c3b7830037090132222b04a584f0d8715907819aed701e1df2d6820b8cc592f092fb9a9d0f3dbe5a17462e48cc7642a5f7893ece89e130282c7d

  • SSDEEP

    12288:y6Kp+vUQyzW88fE9pjA+3Cph6D4s21rwBd0CMQ8LIgsEtt9:y6Kp+vezW88fE9gv6Dfi8d3M3IAtt9

Malware Config

Extracted

Family

redline

Botnet

Andriii_ff

C2

185.244.181.112:33056

Attributes

  • auth_value

    0318e100e6da39f286482d897715196b

Targets

    • Target

      file.exe

    • Size

      558KB

    • MD5

      e97323e7179ec5b50092db05784cae8d

    • SHA1

      4881f0be7a06949eb8bccb0d056aafa7423fac87

    • SHA256

      8860322da9acde535927b05c46775e527b499330765d098d5d8ff8db790e6563

    • SHA512

      28da99924744c3b7830037090132222b04a584f0d8715907819aed701e1df2d6820b8cc592f092fb9a9d0f3dbe5a17462e48cc7642a5f7893ece89e130282c7d

    • SSDEEP

      12288:y6Kp+vUQyzW88fE9pjA+3Cph6D4s21rwBd0CMQ8LIgsEtt9:y6Kp+vezW88fE9gv6Dfi8d3M3IAtt9

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution

    Scripting, T1064 (1)

  • Defense Evasion

    Scripting, T1064 (1)

  • Credential Access

    Credentials in Files, T1081 (1)

  • Collection

    Data from Local System, T1005 (1)

Tasks