General

  • Target

    189a8a1b651e2e2cab402f0f8b80dfa39e606b3b127e176ce8e227728d619488

  • Size

    660KB

  • Sample

    230401-3kmbtadd52

  • MD5

    e2b8bd3b76cfe9dae48bdf2379ad43ee

  • SHA1

    3dd3b7b615e387c062f03f935adf291e62f18086

  • SHA256

    189a8a1b651e2e2cab402f0f8b80dfa39e606b3b127e176ce8e227728d619488

  • SHA512

    fa34cecee2170cc9c60feb94a206479c937cc759da9bcb512b03d34b4326b8d45c21691deb8ca5646393bd0e0b642fdb34c2b3874fdfc2ad7e54680cfe779fab

  • SSDEEP

    12288:/MrKy90SHCLhgZjrqEO7Iu8jVrAHt/NtAof5KUa/6mdU6Uxp1gF:VyILh2qbwIt/NthAQmDUzg

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Extracted

Family

redline

Botnet

spora

C2

176.113.115.145:4125

Attributes
  • auth_value

    441b39ab37774b2ca9931c31e1bc6071

Targets

    • Target

      189a8a1b651e2e2cab402f0f8b80dfa39e606b3b127e176ce8e227728d619488

    • Size

      660KB

    • MD5

      e2b8bd3b76cfe9dae48bdf2379ad43ee

    • SHA1

      3dd3b7b615e387c062f03f935adf291e62f18086

    • SHA256

      189a8a1b651e2e2cab402f0f8b80dfa39e606b3b127e176ce8e227728d619488

    • SHA512

      fa34cecee2170cc9c60feb94a206479c937cc759da9bcb512b03d34b4326b8d45c21691deb8ca5646393bd0e0b642fdb34c2b3874fdfc2ad7e54680cfe779fab

    • SSDEEP

      12288:/MrKy90SHCLhgZjrqEO7Iu8jVrAHt/NtAof5KUa/6mdU6Uxp1gF:VyILh2qbwIt/NthAQmDUzg

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data such as saved credentials, cookies and autofill entries.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
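The behaviours listed above, together with the C2 endpoint from the extracted RedLine config, map directly onto host and network telemetry. The following is an added example (not code from the report or from the sandbox that produced it) showing how that mapping looks as detection logic over a constructed Sysmon-style event trace. The event schema, the dropped file name `svcupd.exe`, the victim paths and the browser/wallet file names are assumptions made for the example; only the C2 address and port come from the report.

```python
"""Detections for the behaviours this report lists, run over a constructed
Sysmon-style event trace. The event shape and the trace itself are
assumptions for illustration, not telemetry from the analysed sample."""
import re

# Indicator taken from the report's extracted RedLine config.
C2_ENDPOINTS = {("176.113.115.145", 4125)}

# Well-known registry locations behind the report's signatures (assumed here,
# not read from the report's own event data).
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\[^\\]+$", re.I)
DEFENDER_RTP = re.compile(r"\\Windows Defender\\Real-Time Protection\\", re.I)
UNINSTALL_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)
# Chromium "Login Data"/"Cookies"/"Web Data" and Firefox logins.json/key4.db
# hold saved credentials and cookies; the wallet folders are a common subset.
BROWSER_DATA = re.compile(r"\\(Login Data|Cookies|Web Data|logins\.json|key4\.db)$", re.I)
WALLET_PATH = re.compile(r"\\(Exodus|Electrum|Ethereum|Bitcoin|Armory|Atomic)\\", re.I)


def detect(events):
    """Return (signature, event) pairs for every event that matches one of the
    report's behaviours. `events` is an ordered iterable of dicts with a 'type'
    key plus type-specific fields (see SAMPLE_EVENTS)."""
    hits = []
    dropped = set()  # executables written to disk earlier in the same trace
    for ev in events:
        t = ev["type"]
        if t == "file_create" and ev["path"].lower().endswith(".exe"):
            dropped.add(ev["path"].lower())
        elif t == "process_create" and ev["image"].lower() in dropped:
            # Correlates a file write with a later process start of that file.
            hits.append(("Executes dropped EXE", ev))
        elif t == "registry_set":
            if DEFENDER_RTP.search(ev["target"]):
                hits.append(("Modifies Windows Defender Real-time Protection settings", ev))
            elif RUN_KEY.search(ev["target"]):
                hits.append(("Adds Run key to start application", ev))
        elif t == "registry_query" and UNINSTALL_KEY.search(ev["target"]):
            hits.append(("Checks installed software on the system", ev))
        elif t == "file_read":
            if BROWSER_DATA.search(ev["path"]):
                hits.append(("Reads user/profile data of web browsers", ev))
            elif WALLET_PATH.search(ev["path"]):
                hits.append(("Accesses cryptocurrency files/wallets", ev))
        elif t == "network_connect" and (ev["dst_ip"], ev["dst_port"]) in C2_ENDPOINTS:
            hits.append(("Connects to RedLine C2 from extracted config", ev))
    return hits


def triggered_signatures(events):
    """Sorted, de-duplicated signature names fired by `events`."""
    return sorted({name for name, _ in detect(events)})


# Constructed trace exercising each detection once, plus benign noise that
# must not fire. Paths and value names are invented for this example.
SAMPLE_EVENTS = [
    {"type": "file_create", "path": r"C:\Users\victim\AppData\Local\Temp\svcupd.exe"},
    {"type": "process_create", "image": r"C:\Users\victim\AppData\Local\Temp\svcupd.exe"},
    {"type": "registry_set",
     "target": r"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring",
     "value": 1},
    {"type": "registry_set",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svcupd",
     "value": r"C:\Users\victim\AppData\Local\Temp\svcupd.exe"},
    {"type": "registry_query",
     "target": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName"},
    {"type": "file_read",
     "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file_read",
     "path": r"C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"type": "network_connect", "dst_ip": "176.113.115.145", "dst_port": 4125},
    # noise: signed OS binary, RunOnce (not Run), and the C2 host on another port
    {"type": "process_create", "image": r"C:\Windows\System32\notepad.exe"},
    {"type": "registry_set",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\setup", "value": "x"},
    {"type": "network_connect", "dst_ip": "176.113.115.145", "dst_port": 443},
]

if __name__ == "__main__":
    for name, ev in detect(SAMPLE_EVENTS):
        print(f"[{name}] {ev}")
```

The dropped-EXE check is the only stateful rule: it needs the file-write event to precede the process start, so the trace must be fed in time order. The C2 match is deliberately exact on address and port, mirroring the extracted config; widen it to the bare address only if the environment has no other reason to talk to that host.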

MITRE ATT&CK Enterprise v6

Tasks