General

  • Target

    ZXESET0PER.zip

  • Size

    21.3MB

  • Sample

    231020-afxyjacg5z

  • MD5

    f7da2499aeb9d65fc0f3aaae1bbefd5a

  • SHA1

    6760fe8899756ebb853aa6e71d62f10651f10b4c

  • SHA256

    702eac35cc0540ced55684d5e779e09de8fe508b684e5dc29a0d71aa8906ad20

  • SHA512

    7b7de533552f832be2b2d27a7d95dc6348f170ddf0768f5e1e2afcffe5cc71a27a8b1d2358dc6457441b919008bdcd56a2d7eba643a432cbdc273bb9f50cbaf4

  • SSDEEP

    393216:i+VN7VjtFSOMsC1AxxKUEtn1U+ktedHejqQnOvqz7o0ZP5gMv78lMBo6:HXBdMsCqLKU01U7edMbzMghgDGC6

Malware Config

Extracted

  • Family

    redline

  • C2

    91.103.252.48:33597

Targets

    • Target

      ZXESET0PER.zip

    • Size

      21.3MB

    • MD5

      f7da2499aeb9d65fc0f3aaae1bbefd5a

    • SHA1

      6760fe8899756ebb853aa6e71d62f10651f10b4c

    • SHA256

      702eac35cc0540ced55684d5e779e09de8fe508b684e5dc29a0d71aa8906ad20

    • SHA512

      7b7de533552f832be2b2d27a7d95dc6348f170ddf0768f5e1e2afcffe5cc71a27a8b1d2358dc6457441b919008bdcd56a2d7eba643a432cbdc273bb9f50cbaf4

    • SSDEEP

      393216:i+VN7VjtFSOMsC1AxxKUEtn1U+ktedHejqQnOvqz7o0ZP5gMv78lMBo6:HXBdMsCqLKU01U7edMbzMghgDGC6

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Detected potential entity reuse from brand microsoft.

MITRE ATT&CK Enterprise v15

Tasks