General

  • Target

    5805ba05b4054885a03cfcfaa9a114a9779f588ed93f2ca4ba7a0398645434de.exe

  • Size

    1.1MB

  • Sample

    240107-yds4kacgfl

  • MD5

    91181ab80e0f828910908cb623f59430

  • SHA1

    059fcc2220889d0942a54f0062eaa90ef25519e3

  • SHA256

    5805ba05b4054885a03cfcfaa9a114a9779f588ed93f2ca4ba7a0398645434de

  • SHA512

    489da9fa9b7ddd4a3098d83a9c63df5d499fd5c61feace6c9300c73b1889d496d0671ebcd755e0b30d0627265f96185f06853f67159be8a2ff311d0263f32392

  • SSDEEP

    24576:SD/DemtH9UoagYJI9MQrzk0BhbHAoF6R0Kzf/j2GAjDqs1l:cymRaj+9bVHRoRVatz1l

Malware Config

Extracted

Family

redline

Botnet

LiveTraffic

C2

20.79.30.95:13856

Targets

    • Target

      5805ba05b4054885a03cfcfaa9a114a9779f588ed93f2ca4ba7a0398645434de.exe

    • Size

      1.1MB

    • MD5

      91181ab80e0f828910908cb623f59430

    • SHA1

      059fcc2220889d0942a54f0062eaa90ef25519e3

    • SHA256

      5805ba05b4054885a03cfcfaa9a114a9779f588ed93f2ca4ba7a0398645434de

    • SHA512

      489da9fa9b7ddd4a3098d83a9c63df5d499fd5c61feace6c9300c73b1889d496d0671ebcd755e0b30d0627265f96185f06853f67159be8a2ff311d0263f32392

    • SSDEEP

      24576:SD/DemtH9UoagYJI9MQrzk0BhbHAoF6R0Kzf/j2GAjDqs1l:cymRaj+9bVHRoRVatz1l

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks