General

  • Target

    ba433b5999b683001205825fd41ef65c32f8b8e90f4d2ee62385c6b50c2ed209

  • Size

    690KB

  • Sample

    230328-bsr4gsab2v

  • MD5

    a2aae0b671b1bc782097483a7fc32065

  • SHA1

    7ab9f5c1ddb8df8abf3272df9884e960d14c655e

  • SHA256

    ba433b5999b683001205825fd41ef65c32f8b8e90f4d2ee62385c6b50c2ed209

  • SHA512

    29f2819ee939918c39741ef036e3deb2c12562b5de88260e41e998d01e9b9278c99213eba10ebc20705ded4c79931e7d6ac2e929911581f19bcc0e176fed725f

  • SSDEEP

    12288:wMrqy90AG4U9/biS46GfIyK65hLu7UXyxLuXd2D+vdFLlfigs/28pbDVdQ4:KyPyiSBGx5fa7UXS0cD+vLlagDkbD3b

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Extracted

Family

redline

Botnet

from

C2

176.113.115.145:4125

Attributes
  • auth_value

    8633e283485822a4a48f0a41d5397566

Targets

    • Target

      ba433b5999b683001205825fd41ef65c32f8b8e90f4d2ee62385c6b50c2ed209

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, session cookies, autofill entries and payment data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
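A hunt for three of the behaviours listed above (Defender real-time protection tampering, a Run key written by a process living in a user-writable path, and a connection to the extracted C2 176.113.115.145:4125) run over Sysmon-style events, as an added example that is not part of the original report or of the sandbox's own signature code. The event records are constructed for illustration; the registry paths are the standard Defender policy and Run-key locations and are assumed here rather than taken from this sample's execution trace; the C2 and hash constants are the values from the report.

```python
"""Hunt for RedLine-style behaviours over Sysmon-like events.

Added example; the events below are constructed, and the registry paths are
the usual Defender policy / Run-key locations (assumed), not values recorded
from this sample. Only the IOC constants come from the report."""
import re

# IOCs from the report's extracted configs (both configs share one C2).
C2_HOST = "176.113.115.145"
C2_PORT = 4125
KNOWN_SHA256 = "ba433b5999b683001205825fd41ef65c32f8b8e90f4d2ee62385c6b50c2ed209"

# Assumed standard locations: Defender policy keys and per-user Run key.
DEFENDER_RE = re.compile(
    r"\\Windows Defender\\Real-Time Protection\\Disable\w+$", re.I)
RUNKEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|Downloads)\\", re.I)


def parse_c2(c2):
    """Split the report's 'host:port' string into (host, int port)."""
    host, port = c2.rsplit(":", 1)
    return host, int(port)


# Constructed Sysmon-like events: EventID 13 = registry value set,
# EventID 3 = network connection. Two benign records are mixed in.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Users\bob\AppData\Local\Temp\file.exe",
     "TargetObject": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"
                     r"\Real-Time Protection\DisableRealtimeMonitoring",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Users\bob\AppData\Local\Temp\file.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\bob\AppData\Roaming\Updater\upd.exe"},
    {"EventID": 3, "Image": r"C:\Users\bob\AppData\Roaming\Updater\upd.exe",
     "DestinationIp": "176.113.115.145", "DestinationPort": 4125},
    # Benign: explorer.exe registering OneDrive autostart (value path is in
    # AppData, but the writing process is not, so it must not fire).
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r"C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
    # Benign: ordinary HTTPS traffic from a browser.
    {"EventID": 3, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
]


def hunt(events, c2=(C2_HOST, C2_PORT)):
    """Return a list of (rule_name, image) findings for the given events."""
    findings = []
    for ev in events:
        image = ev.get("Image", "")
        if ev.get("EventID") == 13:
            target = ev.get("TargetObject", "")
            details = ev.get("Details", "")
            # Defender real-time protection switched off via policy key.
            if DEFENDER_RE.search(target) and "0x00000001" in details:
                findings.append(("defender_realtime_disabled", image))
            # Persistence: Run key written by a binary in a user-writable path.
            # Keyed on the writing process, not the value data, to avoid
            # flagging legitimate autostart entries that live under AppData.
            elif RUNKEY_RE.search(target) and USER_WRITABLE_RE.search(image):
                findings.append(("run_key_from_user_writable_path", image))
        elif ev.get("EventID") == 3:
            dst = (ev.get("DestinationIp"), int(ev.get("DestinationPort", 0)))
            if dst == c2:
                findings.append(("redline_c2_connection", image))
    return findings


if __name__ == "__main__":
    for rule, image in hunt(SAMPLE_EVENTS):
        print(f"{rule}: {image}")
```

The C2 match is deliberately exact on host and port because the report gives both; a real deployment would also carry the second extracted config's botnet ID and auth_value as context, and would pair the network rule with the process-creation event for the dropped EXE so that the three findings can be tied to one process tree.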
