General

  • Target

    04689499.exe

  • Size

    1.0MB

  • Sample

    230525-plagrahh73

  • MD5

    f1d3250ac495982f5e086d3ea12df519

  • SHA1

    63c0bf154a983b933c9b3eb05cfe77ce06381814

  • SHA256

    a09efd143bb41d9fb82ba479ecdc3b45d3f76d32716f49bd14fc8b5f7afeb82a

  • SHA512

    aa709c87df784a0abde0c927baf1f60e7f8eb65027b0bb7f1635f63900b7e6859d79b5e47314e65128a56441f561a8fca8f96ae829095df0d29535367197ae0a

  • SSDEEP

    24576:PymsdIAOUPoGgJtVtfEcT6Rn9bKJEkZc0vfs2/7Ki:anIA1PjcaRn9gEkZ52

Malware Config

Extracted

Family

redline

Botnet

dina

C2

83.97.73.122:19062

Attributes

  • auth_value

    4f77073adc624269de1bff760b9bc471

Extracted

Family

redline

Botnet

fash

C2

83.97.73.122:19062

Attributes

  • auth_value

    dd7165bcd22b0ed3df426d944e12f136

Targets

    • Target

      04689499.exe

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Checks computer location settings

Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6
