General

  • Target

    4c375bb5f06c00277848e3f3462ec3da52c4158d2f7fce3d31b001b552cb070c.zip

  • Size

    51KB

  • Sample

    230328-lpwydaac23

  • MD5

    1de87b63c773f42640f75d459152102b

  • SHA1

    cd4c4e8726dae259ed9371e655166038ded12367

  • SHA256

    211aae748405bcf05893cc25781a06354e2ecadff1a39646c931684503e716c4

  • SHA512

    12b387859cf78b0c3584e50ad2ae0c3c5b112f7c76254744040d8b5ecfc05a93c123440d478fe93382a9c1eb923db60696c99cd343d53ff4f52025f1a741bdb6

  • SSDEEP

    1536:8gKh5645RT/D6532Q8zxvZTKmda5IX0H8CM7fs6a8vLNAHv4Jv:8gKh564njDKGQ8zLNdS78uIZIQN

Malware Config

Extracted

Family

redline

Botnet

vila

C2

193.233.20.33:4125

Attributes
  • auth_value

    94b115d79ddcab0a0fb9dfab8e225c3b

Targets

    • Target

      4c375bb5f06c00277848e3f3462ec3da52c4158d2f7fce3d31b001b552cb070c

    • Size

      175KB

    • MD5

      d642d29b28f03f5593e6930cb6a14ef8

    • SHA1

      2ef73096290e69d46e3743ce1c4566bd4e783d73

    • SHA256

      4c375bb5f06c00277848e3f3462ec3da52c4158d2f7fce3d31b001b552cb070c

    • SHA512

      e23f49fa342f048a042e28cb68e0cc2f89ba3355189c409201429874ae8be55fe72b21ab4170772af2f3ecbbf1205bd12f5765f8a8055a7e1e667749c68c74ef

    • SSDEEP

      3072:7xqZW11a2kX8fSx3IeJwewI9zhfrxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOZ:NqZkSx3ZJ5zh

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks