General

  • Target

    tmp

  • Size

    311KB

  • Sample

    231018-hc3nlsdc85

  • MD5

    cc5221bdab8fd30b365bdf5e10cef035

  • SHA1

    e6d2fa5b34eff042f9fe8fa7a9938e02c250b9cd

  • SHA256

    b4ed0c1eb6a1dd3f17c7781a47bd080215426e57710d3306fc212072e41f8856

  • SHA512

    ad0137b985ca6cd9f55be27f715ee9ba58f81ac36365dd98d0dfc5b2e03cf5371c4f1b95c590009d7df02c3255e32aa09c50299621a30c348bdc76e49e79b892

  • SSDEEP

    3072:sEGPw42fWISJEBwItWylQrkYl5gwkdbseIURlT7ywPgeOQRwr3Uu:yIFUJEBXTQg05lkxlCw4ehR6f

Malware Config

Extracted

Family

redline

Botnet

wili3

C2

94.156.6.176:8948

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive account data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Detected potential entity reuse from the brand Microsoft.

MITRE ATT&CK Enterprise v15

Tasks