General

  • Target

    6417b91b48f38699c9ba8ae7be911d987f5cc5eb8bbeddbb816cacbe6e2a4f5a

  • Size

    587KB

  • Sample

    230504-gmcphaab83

  • MD5

    41fe708d2487205111a793708ed84582

  • SHA1

    9612b5c60ca61b887697a6bf7a09ebe9177d7b7e

  • SHA256

    6417b91b48f38699c9ba8ae7be911d987f5cc5eb8bbeddbb816cacbe6e2a4f5a

  • SHA512

    4bd3f5be7f14affe319b3e67771409dede9ed2b0470d4f72d0747cf0397d2dd718fae9e2cae4f479988ee8a3df7a63e3ed9523ee1be9ee694e6822c1f61b881b

  • SSDEEP

    12288:fMrhy90P4cAYArG9QlPaJi7OyjUmokR6sYYf9G6wIwyVJhQ5U21eQXDfm+w6c:Gys3MrG9Qoi7pjURkPYoZfhQC21/DBc

Malware Config

Extracted

Family

redline

Botnet

daris

C2

217.196.96.56:4138

Attributes
  • auth_value

    3491f24ae0250969cd45ce4b3fe77549

Targets

    • Target

      6417b91b48f38699c9ba8ae7be911d987f5cc5eb8bbeddbb816cacbe6e2a4f5a

    • Size

      587KB

    • MD5

      41fe708d2487205111a793708ed84582

    • SHA1

      9612b5c60ca61b887697a6bf7a09ebe9177d7b7e

    • SHA256

      6417b91b48f38699c9ba8ae7be911d987f5cc5eb8bbeddbb816cacbe6e2a4f5a

    • SHA512

      4bd3f5be7f14affe319b3e67771409dede9ed2b0470d4f72d0747cf0397d2dd718fae9e2cae4f479988ee8a3df7a63e3ed9523ee1be9ee694e6822c1f61b881b

    • SSDEEP

      12288:fMrhy90P4cAYArG9QlPaJi7OyjUmokR6sYYf9G6wIwyVJhQ5U21eQXDfm+w6c:Gys3MrG9Qoi7pjURkPYoZfhQC21/DBc

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks