General

  • Target

    b25c837592a7b8ba2e17e25d0097ce2ff2f52bf725fe43a8afe64d2fdb8dfdb4

  • Size

    695KB

  • Sample

    230327-xvlv5sgh6z

  • MD5

    c95d4d970cda70c280f37991dff60df3

  • SHA1

    aabf35d37e133fe7e72929020d4855c983808230

  • SHA256

    b25c837592a7b8ba2e17e25d0097ce2ff2f52bf725fe43a8afe64d2fdb8dfdb4

  • SHA512

    b98cc261874aa981e3537d3b9cbe7dadc979690b72ed4641acfcd738c16b84288af6b58b0f5de4ccf6d309a5aed50bd770b31d9ecf132dc53017b858dfba0448

  • SSDEEP

    12288:yMrKy90qlGLsMZrPJh8yRBwNb6poB3FQMylueujsAvPSezhLJJhKtNAc1SHj3tf/:IyhT8F2yY33FQMylueXAyqhFWtNAcQD1

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Extracted

Family

redline

Botnet

from

C2

176.113.115.145:4125

Attributes
  • auth_value

    8633e283485822a4a48f0a41d5397566

Targets

    • Target

      b25c837592a7b8ba2e17e25d0097ce2ff2f52bf725fe43a8afe64d2fdb8dfdb4

    • Size

      695KB

    • MD5

      c95d4d970cda70c280f37991dff60df3

    • SHA1

      aabf35d37e133fe7e72929020d4855c983808230

    • SHA256

      b25c837592a7b8ba2e17e25d0097ce2ff2f52bf725fe43a8afe64d2fdb8dfdb4

    • SHA512

      b98cc261874aa981e3537d3b9cbe7dadc979690b72ed4641acfcd738c16b84288af6b58b0f5de4ccf6d309a5aed50bd770b31d9ecf132dc53017b858dfba0448

    • SSDEEP

      12288:yMrKy90qlGLsMZrPJh8yRBwNb6poB3FQMylueujsAvPSezhLJJhKtNAc1SHj3tf/:IyhT8F2yY33FQMylueXAyqhFWtNAcQD1

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.