General

  • Target: e7f602c0768d84a897ccf1ec16918b97d86ff772e36e4cc094f6340bbd8ad92b
  • Size: 689KB
  • Sample: 230328-bhzqksaa5w
  • MD5: b99d2d2c45c84cc3753989d8b6b0814a
  • SHA1: 337c5b310c7d39701c441243c3fb6e592d4bc09a
  • SHA256: e7f602c0768d84a897ccf1ec16918b97d86ff772e36e4cc094f6340bbd8ad92b
  • SHA512: c39744679ae21413ada5f79bca0bf435b231d9b9bf140ac05e72d4a8d7bc76523e04b27616c3753ad9adb38196ab7af91f8386aa58a9989e04ed815a8b7a1905
  • SSDEEP: 12288:EMrcy90YzSGQMFR7GjR/FzcKntoyY65hLuVwzoag8JMBJ+OgmJ2v+FEjfigYEd3O:wytlHocKtpXfa6g8J4g/mJ26EjagYEde

Malware Config

Extracted

  • Family: redline
  • Botnet: rosn
  • C2: 176.113.115.145:4125
  • Attributes
    • auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted

  • Family: redline
  • Botnet: from
  • C2: 176.113.115.145:4125
  • Attributes
    • auth_value: 8633e283485822a4a48f0a41d5397566

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
