General

  • Target

    69aa5a77c1bd855eea3803d8e89ce754432fd667a39940e8b1d122c6f97a96d3

  • Size

    690KB

  • Sample

    230328-fg6jysag8w

  • MD5

    e3a20848e167c677f90121527a27cb4c

  • SHA1

    c72d0512dfb2c0e88607f0b5f644f7d4c4b62a0e

  • SHA256

    69aa5a77c1bd855eea3803d8e89ce754432fd667a39940e8b1d122c6f97a96d3

  • SHA512

    ade95602919bc863e7a9d1b9f4dd1fccb37470b3a0b9bf33fe516e689f0c2c5acbf5ebe39236e971c13e9c6d6ce4509a1e9100b0d0e7b505eecfa65b10713b9e

  • SSDEEP

    12288:oMrOy9085aY1fsFkfFy065hLuwkqK33uSHhWoPGLkpezlOv1FVSfig06CKRF3kdL:mymYGF/7fawzKnuulUkpcOnVSagzTcZv

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Extracted

Family

redline

Botnet

from

C2

176.113.115.145:4125

Attributes
  • auth_value

    8633e283485822a4a48f0a41d5397566

Targets

    • Target

      69aa5a77c1bd855eea3803d8e89ce754432fd667a39940e8b1d122c6f97a96d3

    • Size

      690KB

    • MD5

      e3a20848e167c677f90121527a27cb4c

    • SHA1

      c72d0512dfb2c0e88607f0b5f644f7d4c4b62a0e

    • SHA256

      69aa5a77c1bd855eea3803d8e89ce754432fd667a39940e8b1d122c6f97a96d3

    • SHA512

      ade95602919bc863e7a9d1b9f4dd1fccb37470b3a0b9bf33fe516e689f0c2c5acbf5ebe39236e971c13e9c6d6ce4509a1e9100b0d0e7b505eecfa65b10713b9e

    • SSDEEP

      12288:oMrOy9085aY1fsFkfFy065hLuwkqK33uSHhWoPGLkpezlOv1FVSfig06CKRF3kdL:mymYGF/7fawzKnuulUkpcOnVSagzTcZv

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks