General

  • Target

    5617355fc6e72ae5bd26a384c93e73aeccebe7cb1d4f9f7dcbc0217f2f8efb83

  • Size

    700KB

  • Sample

    230327-1cewnafd23

  • MD5

    a36e8f3a2519ee51c701ae59135e44f7

  • SHA1

    2fc0bb797c63b43fe37a5e6a6d0c19e4567171f5

  • SHA256

    5617355fc6e72ae5bd26a384c93e73aeccebe7cb1d4f9f7dcbc0217f2f8efb83

  • SHA512

    78e0a49bc5d9983dd36a5d9659400b26a24a55c10d6356126ca6276df95137a5b103a95cd314c313610f68cb424a0f193cb6f2371f6456c676f96a06d66e2d52

  • SSDEEP

    12288:KMrby903ADgoQz9DVNcAA8FgW0sarXZm+JBRQcqvdGR:Jy107A8WW0sahJBqlQ

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Extracted

Family

redline

Botnet

from

C2

176.113.115.145:4125

Attributes
  • auth_value

    8633e283485822a4a48f0a41d5397566

Targets

    • Target

      5617355fc6e72ae5bd26a384c93e73aeccebe7cb1d4f9f7dcbc0217f2f8efb83

    • Size

      700KB

    • MD5

      a36e8f3a2519ee51c701ae59135e44f7

    • SHA1

      2fc0bb797c63b43fe37a5e6a6d0c19e4567171f5

    • SHA256

      5617355fc6e72ae5bd26a384c93e73aeccebe7cb1d4f9f7dcbc0217f2f8efb83

    • SHA512

      78e0a49bc5d9983dd36a5d9659400b26a24a55c10d6356126ca6276df95137a5b103a95cd314c313610f68cb424a0f193cb6f2371f6456c676f96a06d66e2d52

    • SSDEEP

      12288:KMrby903ADgoQz9DVNcAA8FgW0sarXZm+JBRQcqvdGR:Jy107A8WW0sahJBqlQ

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive account data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks