General

  • Target

    hotel-requirements.pdf28.zip

  • Size

    66.0MB

  • Sample

    230622-v1tf3aha7t

  • MD5

    24f925917a8b254db098bcf6de37d7a4

  • SHA1

    ce4367516564c72352c7b8528e2e193d310baaac

  • SHA256

    74e150367f59cc92a48c8725120865c7b94312981a09d981760431da4485ed50

  • SHA512

    06c6d0bb8eb9d3b1f0b409ddf5682590700cafab0a539c939878dddfd42e77306d2b674313beac6f6cf7d05327b4332a4cb09253e45c09af59cb1d97245eb5be

  • SSDEEP

    1572864:4TLP/2cmeM+vFdLDsNMcqrGPxW5kCtnETLcvAq9FN9ZSbUI/BF:4ThmdedXws5kCZEl+FN9KUIpF

Malware Config

Extracted

Family

redline

Botnet

Mastif

C2

78.47.242.225:15635

Attributes
  • auth_value

    32b21fb55370c8e21f0f75577471534e

Targets

    • Target

      hotel-requirements.pdf/hotel-requirements.pdf.scr

    • Size

      564.4MB

    • MD5

      7faa29f9a965143cf67f27c1455111c1

    • SHA1

      f5c34c4399c2fca31c6ac05e14a566374c6732a9

    • SHA256

      a06612c8c0ff60c840da39e7d8571e949716bdec4c4a6582fdaae25216907fbe

    • SHA512

      2caffe5412262a291fa76a5887ccff316b3983a675a16d97c4dcde087ae3d3ccdb9685f66dbc999d1ade1888d6df45d015e1dd9bc0d396a2abf8761949bf3dd6

    • SSDEEP

      786432:MA5OgdnGFPsX2YiMiqN7z5EYUj4Vtpe9oA4Jxo88nvcVkf/2npG4U:M4d2oiU7z5EZMre9GJxo8q0Vkf8a

    • RedLine

      RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
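
The report lists a C2 socket and the hashes of both artefacts but shows no detection logic. As an added example (not part of the sandbox report and not RedLine's own code), the Python below turns those indicators into matchers: it flags Zeek conn.log records whose responder is the extracted C2 socket 78.47.242.225:15635 (and, at lower confidence, the same host on any other port, since the port comes from one sample's config), and flags Sysmon-style process lines whose SHA256 equals the archive or the dropped .scr. The lines in SAMPLE_LOG are constructed for the demonstration (the conn.log is truncated to its first seven columns) and the alert labels are names chosen here.

```python
"""Match the RedLine indicators from the report above against log lines.

Added example: the IOC values are copied from the report; the log lines are
constructed and the alert labels are arbitrary names chosen here.
"""
import re
from typing import List, Optional

# Indicators from the report: extracted C2 socket and SHA256 of both artefacts.
C2_IP = "78.47.242.225"
C2_PORT = "15635"
IOC_SHA256 = {
    "74e150367f59cc92a48c8725120865c7b94312981a09d981760431da4485ed50": "hotel-requirements.pdf28.zip",
    "a06612c8c0ff60c840da39e7d8571e949716bdec4c4a6582fdaae25216907fbe": "hotel-requirements.pdf.scr",
}

# First seven columns of Zeek's default conn.log layout (tab separated).
CONN_FIELDS = ("ts", "uid", "orig_h", "orig_p", "resp_h", "resp_p", "proto")
# Sysmon writes hashes as "Hashes: SHA256=<64 hex chars>" in upper-case hex.
SHA256_RE = re.compile(r"SHA256=([0-9A-Fa-f]{64})")


def match_conn(line: str) -> Optional[str]:
    """Alert on a conn.log record whose responder is the RedLine C2 host.

    An exact socket match is tagged redline-c2; the C2 host on another port is
    tagged redline-c2-host, because the port is taken from a single sample's
    config and the operator can move it.
    """
    if line.startswith("#"):                     # Zeek header/comment lines
        return None
    cols = line.rstrip("\n").split("\t")
    if len(cols) < len(CONN_FIELDS):             # not a conn.log record
        return None
    rec = dict(zip(CONN_FIELDS, cols))
    if rec["resp_h"] != C2_IP:
        return None
    tag = "redline-c2" if rec["resp_p"] == C2_PORT else "redline-c2-host"
    return (f"{tag} {rec['orig_h']}:{rec['orig_p']} -> "
            f"{rec['resp_h']}:{rec['resp_p']} uid={rec['uid']}")


def match_hash(line: str) -> Optional[str]:
    """Alert on a Sysmon-style line carrying a SHA256 listed in the report."""
    m = SHA256_RE.search(line)
    if not m:
        return None
    digest = m.group(1).lower()                  # normalise case before lookup
    name = IOC_SHA256.get(digest)
    return f"redline-artefact {name} sha256={digest}" if name else None


def scan(lines) -> List[str]:
    """Run every matcher over every line and collect the alerts in order."""
    alerts: List[str] = []
    for line in lines:
        for matcher in (match_conn, match_hash):
            hit = matcher(line)
            if hit:
                alerts.append(hit)
    return alerts


# Constructed sample input (not real telemetry): a Zeek header, three conn
# records and two Sysmon-style process-creation lines.
SAMPLE_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1687417200.101\tCxT1a\t10.0.0.5\t49812\t78.47.242.225\t15635\ttcp",
    "1687417201.204\tCxT1b\t10.0.0.5\t49813\t203.0.113.9\t443\ttcp",
    "1687417202.310\tCxT1c\t10.0.0.7\t51000\t78.47.242.225\t443\ttcp",
    "Process Create: Image: C:\\Users\\u\\Downloads\\hotel-requirements.pdf\\"
    "hotel-requirements.pdf.scr Hashes: SHA256="
    "A06612C8C0FF60C840DA39E7D8571E949716BDEC4C4A6582FDAAE25216907FBE",
    "Process Create: Image: C:\\Windows\\System32\\notepad.exe Hashes: SHA256="
    + "0" * 64,
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

Hash matching is exact, so it only catches this build of the dropper; the SSDEEP values in the report are the place to start if fuzzy matching of repacked variants is wanted, and the C2 socket is the indicator most likely to hold across samples of the same botnet.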

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                      ID      Count
  Credential Access   Credentials in Files           T1081   1
  Discovery           System Information Discovery   T1082   1
  Collection          Data from Local System         T1005   1
