General

  • Target

    35bc44c85ac01234d1688f6312b01bff7961d080b90f46f297fca5cdfbb0d264.zip

  • Size

    51KB

  • Sample

    230328-lpwmlsbh9t

  • MD5

    6c67e4ddc94b284ce521e827b4cb0dfc

  • SHA1

    eb85bbfc47a9a30dd4eefa3beeb97d18d968b24c

  • SHA256

    79d34d121edc6e39bb2ff722df46a84d40e16e51a1547abd19eb85d4e616cded

  • SHA512

    919cdb4e3bcc65e91406fd95d6e02c897ddfab17240a3460f58bc6b15fb9b9329ea4a4fb7ea990c5a5a0b2e5c2266a069bb0807bfa21524d7f43fcde791df58c

  • SSDEEP

    1536:WNtocHpP9nJmKx9tD/QtCBFJGKIeyok1eIjlx:MtT37DQUvwhe/gxx

Malware Config

Extracted

Family

redline

Botnet

reiv

C2

193.233.20.33:4125

Attributes
  • auth_value

    5e0113277ad2cf97a9b7e175007f1c55

Targets

    • Target

      35bc44c85ac01234d1688f6312b01bff7961d080b90f46f297fca5cdfbb0d264

    • Size

      175KB

    • MD5

      5f0a741491d53e1b9c61c19ee6117389

    • SHA1

      53851993c3357f6ccf9072396f2e7ce1cb2a59d0

    • SHA256

      35bc44c85ac01234d1688f6312b01bff7961d080b90f46f297fca5cdfbb0d264

    • SHA512

      0f9ba4568b5c3e9cfcb7e24407a13e5fe4ac3473c7a8d9fe9d2a8b73e808d5883ea3066834dab3c061900df0d7aa63b1ca44a540aba934820e35ccf89187a84e

    • SSDEEP

      3072:6xqZWjfa8oty3BfeT59lhavxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuw+ca2:oqZCBalh

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks