General

  • Target

    dd0c7e97e325c16559776c821df9ba6dbcd926e94f112a098903b787f0b889e1

  • Size

    685KB

  • Sample

    230327-sxtasagb6s

  • MD5

    2099b0cbff7871ad9f2f50e3987794f6

  • SHA1

    bd61b3898e1a42f7227a442e3cb7e939b124f045

  • SHA256

    dd0c7e97e325c16559776c821df9ba6dbcd926e94f112a098903b787f0b889e1

  • SHA512

    acb6d339e04e2580fb99d6a73b54115456b791e9ae5493a6262c2b54865d9a81adc3d85bb51f452e17dce4a872d63ad68399a982ad3b2adde1e1f0050aae22ee

  • SSDEEP

    12288:+Mr2y9068efCXyIDO6aS1qJxkiY/qsXmQLYB77qEBSCHE6ytxPP9J:EyNvmgIqWNdMF7BgCHE6ytxP1J

Malware Config

Extracted

Family

redline

Botnet

sony

C2

193.233.20.33:4125

Attributes
  • auth_value

    1d93d1744381eeb4fcfd7c23ffe0f0b4

Extracted

Family

redline

Botnet

nice

C2

193.233.20.33:4125

Attributes
  • auth_value

    a7371b75699e8bc7c51fb960e8ac9e81
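
The two extracted configs above are different RedLine builds (botnet IDs "sony" and "nice", different auth_value) pointing at the same C2 endpoint. The Python below is an added example, not the report's or any sandbox vendor's code: it parses this flattened export layout into structured records and derives one Suricata rule per distinct C2 endpoint rather than one per config. The layout it assumes (field name on one line, value on the next line, attribute names as bullet items under Attributes) and the REPORT_TEXT constant are taken from the text above; the rule is a plain destination IP/port match because the config carries nothing else, and sids from 1000000 upward are the range reserved for local rules.

```python
"""Parse the flattened 'Malware Config' export of a sandbox report into records
and derive one Suricata rule per distinct C2. Added example, not vendor code."""
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed input: the two RedLine configs above in the export's layout
# (field name on one line, value on the next line; attribute names are bullet
# items under 'Attributes'). The export's blank spacer lines are omitted here,
# the parser drops blank lines anyway.
REPORT_TEXT = """\
Extracted
Family
redline
Botnet
sony
C2
193.233.20.33:4125
Attributes
  • auth_value
    1d93d1744381eeb4fcfd7c23ffe0f0b4
Extracted
Family
redline
Botnet
nice
C2
193.233.20.33:4125
Attributes
  • auth_value
    a7371b75699e8bc7c51fb960e8ac9e81
"""

C2_RE = re.compile(r"^(?P<host>[A-Za-z0-9.\-]+):(?P<port>\d{1,5})$")


@dataclass
class ExtractedConfig:
    family: str
    botnet: str
    c2: list                         # (host, port) tuples
    attributes: dict = field(default_factory=dict)


def parse_c2(value):
    """Validate 'host:port'; IP literals are normalised, hostnames kept as-is."""
    m = C2_RE.match(value.strip())
    if not m or not 1 <= int(m["port"]) <= 65535:
        raise ValueError(f"unrecognised C2 endpoint: {value!r}")
    host = m["host"]
    try:
        host = str(ipaddress.ip_address(host))
    except ValueError:
        pass
    return host, int(m["port"])


def parse_configs(text):
    """Split at each 'Extracted' heading; pair every field line with the next
    non-blank line, switching to attribute pairs after 'Attributes'."""
    configs = []
    for block in re.split(r"^Extracted\s*$", text, flags=re.M)[1:]:
        lines = [ln.strip().lstrip("•").strip() for ln in block.splitlines()]
        lines = [ln for ln in lines if ln]
        fields, attrs, in_attrs, i = {}, {}, False, 0
        while i < len(lines):
            key = lines[i].lower()
            if key == "attributes":
                in_attrs, i = True, i + 1
                continue
            if i + 1 >= len(lines):
                raise ValueError(f"field {key!r} has no value")
            (attrs if in_attrs else fields)[key] = lines[i + 1]
            i += 2
        configs.append(ExtractedConfig(fields["family"], fields.get("botnet", ""),
                                       [parse_c2(fields["c2"])], attrs))
    return configs


def unique_c2s(configs):
    """Map each distinct (host, port) to the set of botnet IDs that use it."""
    by_endpoint = {}
    for cfg in configs:
        for endpoint in cfg.c2:
            by_endpoint.setdefault(endpoint, set()).add(cfg.botnet)
    return by_endpoint


def suricata_rules(configs, sid_base=1000001):
    """One rule per endpoint, not per config: builds sharing a C2 (as 'sony' and
    'nice' do) give one rule naming both IDs. sid >= 1000000 is the local range."""
    rules = []
    for n, ((host, port), botnets) in enumerate(sorted(unique_c2s(configs).items())):
        family = "/".join(sorted({c.family for c in configs if (host, port) in c.c2}))
        msg = f"{family} C2 {host}:{port} (botnets: {', '.join(sorted(botnets))})"
        rules.append(f'alert tcp $HOME_NET any -> {host} {port} (msg:"{msg}"; '
                     f'flow:to_server,established; classtype:trojan-activity; '
                     f'sid:{sid_base + n}; rev:1;)')
    return rules
```

Running parse_configs(REPORT_TEXT) and then suricata_rules(...) on the result yields a single rule for 193.233.20.33:4125 whose msg names both botnet IDs; keying on the endpoint rather than the config keeps sids stable when the same infrastructure turns up in further samples.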

Targets

    • Target

      dd0c7e97e325c16559776c821df9ba6dbcd926e94f112a098903b787f0b889e1

    • Size

      685KB

    • MD5

      2099b0cbff7871ad9f2f50e3987794f6

    • SHA1

      bd61b3898e1a42f7227a442e3cb7e939b124f045

    • SHA256

      dd0c7e97e325c16559776c821df9ba6dbcd926e94f112a098903b787f0b889e1

    • SHA512

      acb6d339e04e2580fb99d6a73b54115456b791e9ae5493a6262c2b54865d9a81adc3d85bb51f452e17dce4a872d63ad68399a982ad3b2adde1e1f0050aae22ee

    • SSDEEP

      12288:+Mr2y9068efCXyIDO6aS1qJxkiY/qsXmQLYB77qEBSCHE6ytxPP9J:EyNvmgIqWNdMF7BgCHE6ytxP1J

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens, and autofill data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node variant and the HKCU equivalent) to enumerate software on the system.
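
Several of the signatures above (Defender real-time protection settings modified, Windows security modification, Run key added to start a dropped executable) are registry writes that an endpoint sensor records. The Python below is an added example, not code from the report or any vendor: it applies that logic to Sysmon Event ID 13 (RegistryEvent, value set) records and separates an autostart entry that points into a user-writable directory from a vendor installer registering a Program Files binary. The event dicts, paths, user SID and "build.exe" name are constructed for the example. Registry reads, such as the Uninstall-key enumeration signature, are not recorded by Sysmon, so that behaviour needs a sandbox or ETW source rather than this log.

```python
"""Flag the registry writes behind the 'Modifies Windows Defender Real-time
Protection settings' and 'Adds Run key to start application' signatures in
Sysmon Event ID 13 (RegistryEvent: value set) records. Added example; the
events below are constructed, not taken from the report."""
import re

# Constructed Sysmon-style records (flattened EventData). Paths, the user
# SID and the 'build.exe' name are invented for the example.
SAMPLE_EVENTS = [
    {"EventID": 13,
     "Image": r"C:\Users\victim\AppData\Local\Temp\build.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13,
     "Image": r"C:\Users\victim\AppData\Local\Temp\build.exe",
     "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\victim\AppData\Roaming\Updater\build.exe"},
    {"EventID": 13,
     "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
     "Details": r"C:\Program Files\Vendor\tray.exe"},
    {"EventID": 13,   # resetting the switch to 0 is the benign direction
     "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000000)"},
]

# Real-time protection switches that a value of 1 turns off. Malware usually
# writes the Policies hive copy; the pattern matches either hive.
DEFENDER_RTP_RE = re.compile(
    r"\\Windows Defender\\Real-Time Protection\\"
    r"(DisableRealtimeMonitoring|DisableBehaviorMonitoring|DisableIOAVProtection"
    r"|DisableOnAccessProtection|DisableScanOnRealtimeEnable)$", re.I)
DEFENDER_OFF_RE = re.compile(
    r"\\Policies\\Microsoft\\Windows Defender\\DisableAntiSpyware$", re.I)
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
# Locations a standard user can write to; an autostart entry pointing here
# (or written from here) is the dropped-payload persistence pattern.
USER_WRITABLE_RE = re.compile(
    r"\\(AppData|Temp|ProgramData|Users\\Public|Downloads)\\", re.I)
DWORD_RE = re.compile(r"DWORD \(0x([0-9A-Fa-f]{8})\)")


def dword_value(details):
    """Sysmon renders REG_DWORD data as 'DWORD (0x%08x)'; None if not a DWORD."""
    m = DWORD_RE.search(details or "")
    return int(m.group(1), 16) if m else None


def analyse_event(ev):
    """Return (signature, severity) pairs for one value-set event."""
    findings = []
    if ev.get("EventID") != 13:
        return findings
    target = ev.get("TargetObject", "")
    details = ev.get("Details", "")
    image = ev.get("Image", "")
    if DEFENDER_RTP_RE.search(target) and dword_value(details) not in (None, 0):
        findings.append(("Modifies Windows Defender Real-time Protection settings", "high"))
    if DEFENDER_OFF_RE.search(target) and dword_value(details) not in (None, 0):
        findings.append(("Windows security modification", "high"))
    if RUN_KEY_RE.search(target):
        if USER_WRITABLE_RE.search(details) or USER_WRITABLE_RE.search(image):
            findings.append(("Adds Run key to start application (user-writable path)", "high"))
        else:
            # Installers registering a Program Files binary look the same at
            # the key level; keep the record but do not page on it.
            findings.append(("Adds Run key to start application", "low"))
    return findings


def triage(events):
    """Run every event through the rules; keep the event index for pivoting."""
    results = []
    for idx, ev in enumerate(events):
        for signature, severity in analyse_event(ev):
            results.append({"event": idx, "image": ev.get("Image", ""),
                            "signature": signature, "severity": severity})
    return results


if __name__ == "__main__":
    for r in triage(SAMPLE_EVENTS):
        print(f'[{r["severity"]:<4}] event {r["event"]}: {r["signature"]} <- {r["image"]}')
```

On the constructed events this produces two high-severity findings from the Temp-resident process (Defender real-time monitoring disabled, autostart pointing at a binary under AppData), one low-severity record for the Program Files installer, and nothing for the value being reset to 0. The DWORD check matters: matching on the key name alone would also fire on the benign re-enable.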
