General

  • Target: ab280d89926fb13c73ca6fc90650db6de127d90b0f5a40db8a039f2ef2b9c684
  • Size: 688KB
  • Sample: 230328-bxad8sab4t
  • MD5: a9a7647ad88eaee2c3d3486d45c9b980
  • SHA1: a9425800c267d54d0ed7ec812994fa98613757e2
  • SHA256: ab280d89926fb13c73ca6fc90650db6de127d90b0f5a40db8a039f2ef2b9c684
  • SHA512: c4a79e85e4414298fba9ee09289721f04efbd5ee34a6b4ad2a6dd617d189dd2cda10f659faa656d8ad11df70b162ec441fc7495563c34e7710315cbc3bd44eef
  • SSDEEP: 12288:PMrgy90LiZYh02pFAyS65hLuydOK33uSvYNpSlOwumJev4F4pfigJWXCZ1K/9KE:7yeRBfayQKnuqioMFmJeg4pagJA+W3

Malware Config

Extracted

  • Family: redline
  • Botnet: rosn
  • C2: 176.113.115.145:4125
  • Attributes
      • auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted

  • Family: redline
  • Botnet: from
  • C2: 176.113.115.145:4125
  • Attributes
      • auth_value: 8633e283485822a4a48f0a41d5397566

Targets

    • Target: ab280d89926fb13c73ca6fc90650db6de127d90b0f5a40db8a039f2ef2b9c684
    • Size: 688KB


    • Modifies Windows Defender Real-time Protection settings
    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Executes dropped EXE
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials, etc.
    • Windows security modification
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Adds Run key to start application
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
