General

  • Target

    e3176f14a8ae6233f7854c1c25734e99e9e530b848c32ecaeff65e7c3f56f9e8

  • Size

    771KB

  • Sample

    230528-fk1g4seg4y

  • MD5

    1aecb86ea16d7e1ded70c465207c24a3

  • SHA1

    cc71a6f5134a9a218d9ba827ee4af1faed25c8cf

  • SHA256

    e3176f14a8ae6233f7854c1c25734e99e9e530b848c32ecaeff65e7c3f56f9e8

  • SHA512

    f575e369ffc36c7d57fc9a7d21a4ba7ae8bb2303b994f5f561d00b4005b58886aa74c3ceb64ae39446fa08ae03a4bcac16b45816b1228638468752612b191937

  • SSDEEP

    12288:hMrWy90VFKH8PyDcxSlKBvD5hrtbppw4+lodEWwUV9PymmvpivOLnbr:DyAAcklKB75h1w/0ENUV9ybkvybr

Malware Config

Extracted

  • Family

    redline

  • Botnet

    dura

  • C2

    83.97.73.127:19062

  • Attributes

    auth_value: 44b7d6fb9572dea0d64d018139c3d208

Extracted

  • Family

    redline

  • Botnet

    heroy

  • C2

    83.97.73.127:19062

  • Attributes

    auth_value: b2879468e50d2d36e66f1a067d4a8bb3

Targets

    • Target

      e3176f14a8ae6233f7854c1c25734e99e9e530b848c32ecaeff65e7c3f56f9e8

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks