General

  • Target

    7c208c16a474b272ae4c91a2aa4fc9b7d2cf226e8261ed1b1b73f9a38d14e11e

  • Size

    1.0MB

  • Sample

    230516-3thpzsda92

  • MD5

    50823d438839beb565ca31be63b136bf

  • SHA1

    32799f66fea04897f558f9bf30d0bd8c13e2fd30

  • SHA256

    7c208c16a474b272ae4c91a2aa4fc9b7d2cf226e8261ed1b1b73f9a38d14e11e

  • SHA512

    07be27a07aeb51f8c566211f6daf85348bd6354dba67da070b394347a37ee8eecbab6a03e27bee0217640bbb2d62f40c4e3244f9c82ca822c00cc2cad2749dd4

  • SSDEEP

    24576:Fy5YlmvCom/YKZu/A3vQI18U7u0sBQh1Xn90+:g5YQvClgyr3vx1Lu0Xln9

Malware Config

Extracted

Family

redline

Botnet

dusor

C2

185.161.248.25:4132

Attributes
  • auth_value

    b81217cf5a516122d407aeaf79d22948

Targets

    • Target

      7c208c16a474b272ae4c91a2aa4fc9b7d2cf226e8261ed1b1b73f9a38d14e11e

    • Size

      1.0MB

    • MD5

      50823d438839beb565ca31be63b136bf

    • SHA1

      32799f66fea04897f558f9bf30d0bd8c13e2fd30

    • SHA256

      7c208c16a474b272ae4c91a2aa4fc9b7d2cf226e8261ed1b1b73f9a38d14e11e

    • SHA512

      07be27a07aeb51f8c566211f6daf85348bd6354dba67da070b394347a37ee8eecbab6a03e27bee0217640bbb2d62f40c4e3244f9c82ca822c00cc2cad2749dd4

    • SSDEEP

      24576:Fy5YlmvCom/YKZu/A3vQI18U7u0sBQh1Xn90+:g5YQvClgyr3vx1Lu0Xln9

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks