General

  • Target

    d1c5b8fee60f06d610bf1894ed94325347646de4fcb6ce6a42d2aa378926f91e

  • Size

    687KB

  • Sample

    230324-jevw8afa7t

  • MD5

    0fe3309c85f98763fb2cd40b03a92069

  • SHA1

    c107040f93aaa930627e85e3333ad7aa7a0b13d8

  • SHA256

    d1c5b8fee60f06d610bf1894ed94325347646de4fcb6ce6a42d2aa378926f91e

  • SHA512

    a40bbc6b3248fb943771ad64d2f8fe4872890500447c95984358ff9a5055b705739de07d9ff6c8c2272ed05bf9a46aa846d239afbb77dd846d6d35e12a95d9bd

  • SSDEEP

    12288:t3KZUuB2nyy4KS3el7XLT5a2uZdAeZ0lgt1Pf53IejQGR7:trE2nyy4DQLLEJZdP06RYejZV

Malware Config

Extracted

Family

redline

Botnet

down

C2

193.233.20.31:4125

Attributes
  • auth_value

    12c31a90c72f5efae8c053a0bd339381

Extracted

Family

redline

Botnet

hero

C2

193.233.20.31:4125

Attributes
  • auth_value

    11f3c75a88ca461bcc8d6bf60a1193e3

Targets

    • Target

      d1c5b8fee60f06d610bf1894ed94325347646de4fcb6ce6a42d2aa378926f91e

    • Size

      687KB

    • MD5

      0fe3309c85f98763fb2cd40b03a92069

    • SHA1

      c107040f93aaa930627e85e3333ad7aa7a0b13d8

    • SHA256

      d1c5b8fee60f06d610bf1894ed94325347646de4fcb6ce6a42d2aa378926f91e

    • SHA512

      a40bbc6b3248fb943771ad64d2f8fe4872890500447c95984358ff9a5055b705739de07d9ff6c8c2272ed05bf9a46aa846d239afbb77dd846d6d35e12a95d9bd

    • SSDEEP

      12288:t3KZUuB2nyy4KS3el7XLT5a2uZdAeZ0lgt1Pf53IejQGR7:trE2nyy4DQLLEJZdP06RYejZV

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks