General

  • Target

    e2c3cefa3a5e25ab22229bf322d91d186cd0f74159f3c056b217a0ab9cb86446

  • Size

    680KB

  • Sample

    230324-nt22asea53

  • MD5

    e3eb8b895d242ea65d0fc2ba6a77c5e7

  • SHA1

    6162f7487284941c4a27bdcbb8182ce323364bc3

  • SHA256

    e2c3cefa3a5e25ab22229bf322d91d186cd0f74159f3c056b217a0ab9cb86446

  • SHA512

    146b30d7a4eeb7381c02116c96e9fe7a8956c3aa1301e81679b2a44b40c6d0c678f8ca4c8e45144e7bff778fcf4752c585321b006c015e6d04233c0b8d9f6e3c

  • SSDEEP

    12288:imMzFXFWH+sb7gsOV4Fcie32MPCXBCL2y/EArnF7mUeqlBCKVO2Ri:22HD26KieG1Xs/E6F7mJqlBCKHI

Malware Config

Extracted

Family

redline

Botnet

down

C2

193.233.20.31:4125

Attributes
  • auth_value

    12c31a90c72f5efae8c053a0bd339381

Extracted

Family

redline

Botnet

hero

C2

193.233.20.31:4125

Attributes
  • auth_value

    11f3c75a88ca461bcc8d6bf60a1193e3

Targets

    • Target

      e2c3cefa3a5e25ab22229bf322d91d186cd0f74159f3c056b217a0ab9cb86446

    • Size

      680KB

    • MD5

      e3eb8b895d242ea65d0fc2ba6a77c5e7

    • SHA1

      6162f7487284941c4a27bdcbb8182ce323364bc3

    • SHA256

      e2c3cefa3a5e25ab22229bf322d91d186cd0f74159f3c056b217a0ab9cb86446

    • SHA512

      146b30d7a4eeb7381c02116c96e9fe7a8956c3aa1301e81679b2a44b40c6d0c678f8ca4c8e45144e7bff778fcf4752c585321b006c015e6d04233c0b8d9f6e3c

    • SSDEEP

      12288:imMzFXFWH+sb7gsOV4Fcie32MPCXBCL2y/EArnF7mUeqlBCKVO2Ri:22HD26KieG1Xs/E6F7mJqlBCKHI

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks