General

  • Target

    c0090156b0d8d5354da0ad43c555c9e70006aa0bfb7c8274003eeb2336153692

  • Size

    690KB

  • Sample

    230328-bdh72agb52

  • MD5

    0e311c3ecd949d87fc484b6161d38ac7

  • SHA1

    6a541dde37b478987c93356385fb4dee910e45be

  • SHA256

    c0090156b0d8d5354da0ad43c555c9e70006aa0bfb7c8274003eeb2336153692

  • SHA512

    28fb2fb77c2ec1c23063caf3b40b71b173ce1c8246a6bb85c211cca985a4098dee2db7ab642eb0c7114bc02b39db9fac31dabfa4d84e4ec9566eb54ab34450d7

  • SSDEEP

    12288:/Mr4y90ExaZK1ojDvq7qFPzyw65hLuAmXN4MmHvoF2IfigYjy/h2E7+WL:fy/MLrqMPuPfa3yMmHw2IagPDL

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Extracted

Family

redline

Botnet

from

C2

176.113.115.145:4125

Attributes
  • auth_value

    8633e283485822a4a48f0a41d5397566

Targets

    • Target

      c0090156b0d8d5354da0ad43c555c9e70006aa0bfb7c8274003eeb2336153692

    • Size

      690KB

    • MD5

      0e311c3ecd949d87fc484b6161d38ac7

    • SHA1

      6a541dde37b478987c93356385fb4dee910e45be

    • SHA256

      c0090156b0d8d5354da0ad43c555c9e70006aa0bfb7c8274003eeb2336153692

    • SHA512

      28fb2fb77c2ec1c23063caf3b40b71b173ce1c8246a6bb85c211cca985a4098dee2db7ab642eb0c7114bc02b39db9fac31dabfa4d84e4ec9566eb54ab34450d7

    • SSDEEP

      12288:/Mr4y90ExaZK1ojDvq7qFPzyw65hLuAmXN4MmHvoF2IfigYjy/h2E7+WL:fy/MLrqMPuPfa3yMmHw2IagPDL

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks