General

  • Target

    554d25724c8f6f53af8721d0ef6b6f42.exe

  • Size

    736KB

  • Sample

    230605-v7s4wahh59

  • MD5

    554d25724c8f6f53af8721d0ef6b6f42

  • SHA1

    12aa02a42690740e106790852709edd8648177ac

  • SHA256

    e43fff23b2fff04d4a335ab5ff3cf69ba90bcc0dbe35901cf1c1e020614a0f07

  • SHA512

    b3edc933a34230613dafc3edf1d3e6e6adc73a55fcad4b4e80d903aec6bd87052df69c7752a39618385508006625b4d828bf25eaecc15bec4966e9320a39bff0

  • SSDEEP

    12288:HMriy90oEzXGK/FxXki8Y52n1bW2sIPNhO1d8lvUeVaPXDBXi9V0Hh9PHL39n+rZ:xyLQWK/FxuY5kIAwBeV+XlXtHhJrt+rZ

Malware Config

Extracted

Family

redline

Botnet

maxi

C2

83.97.73.126:19048

Attributes
  • auth_value

    6a3f22e5f4209b056a3fd330dc71956a

Targets

    • Target

      554d25724c8f6f53af8721d0ef6b6f42.exe

    • Size

      736KB

    • MD5

      554d25724c8f6f53af8721d0ef6b6f42

    • SHA1

      12aa02a42690740e106790852709edd8648177ac

    • SHA256

      e43fff23b2fff04d4a335ab5ff3cf69ba90bcc0dbe35901cf1c1e020614a0f07

    • SHA512

      b3edc933a34230613dafc3edf1d3e6e6adc73a55fcad4b4e80d903aec6bd87052df69c7752a39618385508006625b4d828bf25eaecc15bec4966e9320a39bff0

    • SSDEEP

      12288:HMriy90oEzXGK/FxXki8Y52n1bW2sIPNhO1d8lvUeVaPXDBXi9V0Hh9PHL39n+rZ:xyLQWK/FxuY5kIAwBeV+XlXtHhJrt+rZ

    • Modifies Windows Defender Real-time Protection settings

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks