General

  • Target

    installerV2.rar

  • Size

    109.2MB

  • Sample

    240202-l5fw4abda7

  • MD5

    c0e7e4afe60cb81f513e6037a692b6d3

  • SHA1

    fc8ac256ebc4065cfdfa2d073eb5b081fee2045c

  • SHA256

    a230fc03c202928b2f7ce173273bd314ca5ebd1c59a16b6cfb36440b585fc756

  • SHA512

    fce28b01da4d5773b238c581a737b61ea88197c3b5dc7456e2d17f9699e8e5a78a19cc64d6a57a4a417943dd9a433aa7010b582dfb4b24c492def4bb6b187268

  • SSDEEP

    1572864:e5k/y9dDXB6x9A6fiObagxD3ImGugnp/rWH2mtSt5tnfeAJIQDLw4nBsEJQQEimN:GbdDXB6jfdtiaPtS9nfVIQvwGWEJQunw

Malware Config

Extracted

Family

redline

C2

45.15.156.142:33597

Targets

    • Target

      installerV2.rar

    • Detect Poverty Stealer Payload

    • Poverty Stealer

      Poverty Stealer is a crypto and infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check to avoid running in certain regions.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks