General

  • Target: e4fe88f514322177a2910b2772267b199d8c1db1839465e596c6565f4ceee912
  • Size: 521KB
  • Sample: 230403-1j1fyaeb79
  • MD5: f8d8599f4771dd76d044b3903a447637
  • SHA1: dfd7e9655f05ab38d1ff423664fb596d4691cda4
  • SHA256: e4fe88f514322177a2910b2772267b199d8c1db1839465e596c6565f4ceee912
  • SHA512: e97e13ec25508e987efa050a697657c46405696d7ecbfcc4a4421399c6975380738991faf4afa2cd0afab34127cba9d7da633f4a3302af9921a3e0615105cf5f
  • SSDEEP: 12288:QMruy90ISCJzqj5XFIq/nfTrJVP8K7449zW3R9Oe7mAV:uybadqq70Kk4A3R9OeH

Malware Config

Extracted

  • Family: redline
  • Botnet: rosn
  • C2: 176.113.115.145:4125
  • Attributes
    • auth_value: 050a19e1db4d0024b0f23b37dcf961f4

Extracted

  • Family: redline
  • Botnet: spora
  • C2: 176.113.115.145:4125
  • Attributes
    • auth_value: 441b39ab37774b2ca9931c31e1bc6071

Targets

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks