General

  • Target

    4beda4d2e8d229fadee52954cd9df273b2f011116c02f187d8829388ce874b67

  • Size

    689KB

  • Sample

    230325-afwqgaab47

  • MD5

    f8f769d2a9b7243f44dc43e6ccb66ac8

  • SHA1

    bde46def7936c5468efda9f23a62965163002476

  • SHA256

    4beda4d2e8d229fadee52954cd9df273b2f011116c02f187d8829388ce874b67

  • SHA512

    3605365244c7360d71d7ff423a4818f8eb0e113461bbb2892d5a5b5e65c536913ed1116f8f824a418c1968aca0a3f97f3a74dfdcc9bf39bb803c690b9f2f9c67

  • SSDEEP

    12288:EMriy90Qaebeiuf53LZCzRu2uDV+sI0fMll0b7N4gFRV7597wfu:eyjzuhUzwnkW14ot

Malware Config

Extracted

Family

redline

Botnet

boris

C2

193.233.20.32:4125

Attributes
  • auth_value

    766b5bdf6dbefcf7ca223351952fc38f

Extracted

Family

redline

Botnet

lenka

C2

193.233.20.32:4125

Attributes
  • auth_value

    8a60e8b2ec79d6a7e92f9feac39b8830

Targets

    • Target

      4beda4d2e8d229fadee52954cd9df273b2f011116c02f187d8829388ce874b67

    • Size

      689KB

    • MD5

      f8f769d2a9b7243f44dc43e6ccb66ac8

    • SHA1

      bde46def7936c5468efda9f23a62965163002476

    • SHA256

      4beda4d2e8d229fadee52954cd9df273b2f011116c02f187d8829388ce874b67

    • SHA512

      3605365244c7360d71d7ff423a4818f8eb0e113461bbb2892d5a5b5e65c536913ed1116f8f824a418c1968aca0a3f97f3a74dfdcc9bf39bb803c690b9f2f9c67

    • SSDEEP

      12288:EMriy90Qaebeiuf53LZCzRu2uDV+sI0fMll0b7N4gFRV7597wfu:eyjzuhUzwnkW14ot

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks