General

  • Target

    b16162737244a2ecc1174b7fba6ac33954692688b22f85ef2702f6ca7206fdc2

  • Size

    556KB

  • Sample

    230216-3mjzgacc5w

  • MD5

    7afe2acdb885f28159c2c07fbd7af1c8

  • SHA1

    a68da7b5389d48d560625d3092bbca20f123f89a

  • SHA256

    b16162737244a2ecc1174b7fba6ac33954692688b22f85ef2702f6ca7206fdc2

  • SHA512

    9e1e039d5c7e4596c715fe62e0abaaf75f9382ba635e02c570bf2769bb984b3db65ad080a409d9dd21d6a36c3b77a0748e896072ea980f6f616ccda9190d3320

  • SSDEEP

    12288:vMr0y90Jg3zWxcQJAx450wHut91dthZUs0F5wDgXUK:ny+Au9WwHutt6s0FQo

Malware Config

Extracted

  • Family

    redline

  • Botnet

    dubka

  • C2

    193.233.20.13:4136

  • Attributes

    auth_value: e5a9421183a033f283b2f23139b471f0

Extracted

  • Family

    redline

  • Botnet

    ruma

  • C2

    193.233.20.13:4136

  • Attributes

    auth_value: 647d00dfaba082a4a30f383bca5d1a2a

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks