General

  • Target

    a10929744db08997d1cdc307cd2883ceb80b1776383b518511f4040cc910b1a8

  • Size

    522KB

  • Sample

    230403-nlfs4aed24

  • MD5

    ae1a3f0b8f8d4f1acfe98974379f6d5a

  • SHA1

    f7aad6dc50ceeaf27015185eb7c2722d32bdcd3e

  • SHA256

    a10929744db08997d1cdc307cd2883ceb80b1776383b518511f4040cc910b1a8

  • SHA512

    071f4c35798e88a4419c1e367e29b229a892d053511d4b5738b98f5007fbbc1efb973f8be7d6b4a2839168d512be61111f3a308d351144a9db9676380ad70c04

  • SSDEEP

    12288:jMrdy90o6mCTMsSWyb50323Xn7P3iqkcCrus:uyFs5450323XL3vC5

Malware Config

Extracted

Family

redline

Botnet

rosn

C2

176.113.115.145:4125

Attributes
  • auth_value

    050a19e1db4d0024b0f23b37dcf961f4

Extracted

Family

redline

Botnet

spora

C2

176.113.115.145:4125

Attributes
  • auth_value

    441b39ab37774b2ca9931c31e1bc6071
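Both extracted configurations point at the same C2 socket and differ only in botnet tag and auth_value, so the indicators worth pushing into local hunting are the file hashes from the General section and that one IP:port. The script below is an added example, not part of the sandbox report: it matches those indicators against connection-log and hash-list lines whose format is an assumption, and every log line it carries is constructed for illustration.

```python
"""Match the report's indicators (file hashes, RedLine C2 socket) against
local telemetry. Added example, not part of the sandbox report; the
connection-log and hash-list lines below are constructed."""
import hashlib
import re

# Indicators copied from the report.
FILE_HASHES = {
    "md5": "ae1a3f0b8f8d4f1acfe98974379f6d5a",
    "sha1": "f7aad6dc50ceeaf27015185eb7c2722d32bdcd3e",
    "sha256": "a10929744db08997d1cdc307cd2883ceb80b1776383b518511f4040cc910b1a8",
}
C2_IP, C2_PORT = "176.113.115.145", 4125

# Assumed connection-log format: "<timestamp> <src>:<sport> -> <dst>:<dport> <proto> ...".
CONN_RE = re.compile(
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)"
)


def c2_hits(lines, exact_port=True):
    """Return connection lines to the C2. With exact_port=False any port on the
    C2 IP counts: a broader sweep worth running once before trusting the port alone."""
    hits = []
    for line in lines:
        m = CONN_RE.search(line)
        if not m or m["dst"] != C2_IP:
            continue
        if exact_port and int(m["dport"]) != C2_PORT:
            continue
        hits.append(line)
    return hits


def digests(data):
    """md5/sha1/sha256 of a byte string, keyed like FILE_HASHES."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in FILE_HASHES}


def is_known_sample(data):
    """True if the bytes hash to the report's sample. A SHA-256 match is
    authoritative; treat an MD5-only match as a prompt to re-check, since
    MD5 collisions are practical."""
    d = digests(data)
    return any(d[alg] == FILE_HASHES[alg] for alg in FILE_HASHES)


def hash_hits(hash_lines):
    """Match '<digest>  <path>' lines (md5sum/sha*sum style) against the report's hashes."""
    known = set(FILE_HASHES.values())
    return [ln for ln in hash_lines if ln.split(None, 1)[0].lower() in known]


# Constructed sample input, not taken from the sandbox run.
SAMPLE_CONNECTIONS = [
    "2023-04-03T12:00:01Z 10.0.0.15:49812 -> 176.113.115.145:4125 TCP SYN",
    "2023-04-03T12:00:02Z 10.0.0.15:49813 -> 142.250.74.46:443 TCP SYN",
    "2023-04-03T12:00:05Z 10.0.0.22:50110 -> 176.113.115.145:443 TCP SYN",
]
SAMPLE_HASHLIST = [
    "a10929744db08997d1cdc307cd2883ceb80b1776383b518511f4040cc910b1a8  C:\\Users\\Public\\setup.exe",
    "ae1a3f0b8f8d4f1acfe98974379f6d5a  C:\\ProgramData\\svc.exe",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  C:\\Users\\Public\\empty.txt",
]

if __name__ == "__main__":
    for hit in c2_hits(SAMPLE_CONNECTIONS):
        print("C2 socket:", hit)
    for hit in c2_hits(SAMPLE_CONNECTIONS, exact_port=False):
        print("C2 host (any port):", hit)
    for hit in hash_hits(SAMPLE_HASHLIST):
        print("known sample:", hit)
```

Hash matching only catches this exact build; RedLine samples are repacked frequently, so the C2 socket and the behavioural signatures further down the report generally outlive the file hashes.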

Targets

    • Target

      a10929744db08997d1cdc307cd2883ceb80b1776383b518511f4040cc910b1a8

    • Size

      522KB

    • MD5

      ae1a3f0b8f8d4f1acfe98974379f6d5a

    • SHA1

      f7aad6dc50ceeaf27015185eb7c2722d32bdcd3e

    • SHA256

      a10929744db08997d1cdc307cd2883ceb80b1776383b518511f4040cc910b1a8

    • SHA512

      071f4c35798e88a4419c1e367e29b229a892d053511d4b5738b98f5007fbbc1efb973f8be7d6b4a2839168d512be61111f3a308d351144a9db9676380ad70c04

    • SSDEEP

      12288:jMrdy90o6mCTMsSWyb50323Xn7P3iqkcCrus:uyFs5450323XL3vC5

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and autofill data.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
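Three of the signatures above (Run-key persistence, Windows Defender real-time protection tampering, Uninstall-key enumeration) are registry behaviours, and a sandbox sees them as registry API calls. The script below is an added example, not part of the report: it runs detection logic for those three behaviours over an API-monitor style registry trace. The trace line format ("<pid> <api> <key path> [= data]") is an assumption and every trace line is constructed; the registry paths themselves are the standard Windows locations.

```python
"""Flag the registry behaviours listed in the report (Run-key persistence,
Defender real-time protection tampering, Uninstall-key enumeration) in an
API-monitor style registry trace. Added example, not from the report; the
trace format is assumed and the lines are constructed."""
import re
from collections import defaultdict

# Assumed line format: "<pid> <api> <key path>[ = data]".
LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\s+(?P<path>.+?)(?:\s=\s(?P<data>.*))?$")
# Value written under HKCU/HKLM ...\CurrentVersion\Run or RunOnce.
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(?:Once)?\\[^\\]+$", re.I)
# Disable* values under the Defender Real-Time Protection key (policy or product hive).
DEFENDER_RTP = re.compile(r"\\Windows Defender\\Real-Time Protection\\Disable\w+$", re.I)
# Per-product subkeys under the Uninstall key, walked when enumerating installed software.
UNINSTALL = re.compile(r"\\CurrentVersion\\Uninstall\\[^\\]+$", re.I)
SET_APIS = {"RegSetValue", "RegSetValueEx", "RegSetValueExA", "RegSetValueExW"}


def parse(line):
    """Split one trace line into pid/api/path/data, or None if it does not fit."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def classify(lines, enum_threshold=2):
    """Map pid -> set of behaviour tags. Uninstall enumeration is only tagged once a
    process has walked at least enum_threshold product subkeys, so a single
    lookup of one product does not fire."""
    tags = defaultdict(set)
    enum_counts = defaultdict(int)
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        pid, api, path, data = ev["pid"], ev["api"], ev["path"], ev["data"] or ""
        if api in SET_APIS and RUN_KEY.search(path):
            tags[pid].add("persistence:run_key")
        if api in SET_APIS and DEFENDER_RTP.search(path) and data.strip() == "1":
            tags[pid].add("defense_evasion:defender_rtp")
        if api.startswith("RegEnumKey") and UNINSTALL.search(path):
            enum_counts[pid] += 1
            if enum_counts[pid] >= enum_threshold:
                tags[pid].add("discovery:installed_software")
    return dict(tags)


def suspicious_pids(tagged, min_tags=2):
    """Pids showing at least min_tags distinct behaviours; a Run-key write alone is
    too common in benign software to act on by itself."""
    return sorted(pid for pid, t in tagged.items() if len(t) >= min_tags)


# Constructed trace, not from the sandbox run. pid 4120 plays the stealer,
# pid 5332 is a benign program that also registers itself in Run.
TRACE = [
    r"4120 RegOpenKeyEx HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"4120 RegEnumKeyEx HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip",
    r"4120 RegEnumKeyEx HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Discord",
    r"4120 RegSetValueEx HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = 1",
    r"4120 RegSetValueEx HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = 1",
    r"4120 RegSetValueEx HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater = C:\Users\Public\updater.exe",
    r"5332 RegSetValueEx HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive = C:\Users\u\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background",
    r"5332 RegQueryValueEx HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
]

if __name__ == "__main__":
    tagged = classify(TRACE)
    for pid, t in sorted(tagged.items()):
        print(pid, sorted(t))
    print("suspicious:", suspicious_pids(tagged))
```

The threshold on tag count is the important design choice: each behaviour on its own has benign look-alikes (installers write Run keys, inventory agents walk the Uninstall key), but one process doing all three in the same run, as this sample does, is what the sandbox verdict rests on.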
