General

  • Target

    58842ac41cd254448a16cc6272a715def95c2e3357ed1638881eb48f2564e500

  • Size

    544KB

  • Sample

    230323-1x5mtaad84

  • MD5

    9fefcc34a02a9bd5e141d6671bd9328a

  • SHA1

    2648a33bbec64e698d55f8b3a388a735b2909aa9

  • SHA256

    58842ac41cd254448a16cc6272a715def95c2e3357ed1638881eb48f2564e500

  • SHA512

    2c1d43e7461c3b37a21090585e241dc59ebe48ced233c65ae10fd9fc1d08f2cf2b638a372c984c5993497ae83bb6dbdde88a1523e059498b510d235d80a46a62

  • SSDEEP

    12288:JMrVy90OUjL6IX90L0w8qgU9MLKwpY8bPozzpnS+Ai:ky5iL1X98QUMejvpnSHi

Malware Config

Extracted

  • Family

    redline

  • Botnet

    down

  • C2

    193.233.20.31:4125

  • Attributes

    auth_value: 12c31a90c72f5efae8c053a0bd339381

Extracted

  • Family

    redline

  • Botnet

    real

  • C2

    193.233.20.31:4125

  • Attributes

    auth_value: bb22a50228754849387d5f4d1611e71b

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6