General

  • Target

    build_240222_174228.zip

  • Size

    140KB

  • Sample

    240222-va1gpacf5y

  • MD5

    c0794af593e377f0fe27bdcbc13d4a11

  • SHA1

    9ea47cd4b22cadd7482e5fffa4b22e45c981c260

  • SHA256

    0f4150600bf973df042a0ce696f230c64aca2a527f2c6c419a72f18c688f2909

  • SHA512

    c658278f6d780db4a0ad9c714a9998028c6640b618784650af05b87609e6b3a3aa96ad0da3e46496023280010b2a6d3fadd947ca6558fc17c6a1fbcf3149b930

  • SSDEEP

    3072:TjWJEbmzAynNHFzGsrm9MWmcMR37FQ9+7df9Y7M/nKImgsxwTCC1:TqJcLynNlx69xmh7G+B1Y7onHmR4C0
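As an added triage helper, not part of the sandbox report or its tooling: hash a suspect file once, match the result against the four digests listed in this report for both the submitted archive and the dropped file, and flag the lure tricks visible in the dropped file's name (an executable .scr extension placed behind a .png one, and a space inserted before the real extension). Only the digests and target names are taken from the report; the extension lists used by the lure-name heuristic are my own assumptions.

```python
"""Added triage helper: hash a file, match it against the report's IOCs,
and flag lure tricks in a dropped file's name. Not part of the sandbox tooling."""
import hashlib
from pathlib import Path
from typing import Dict, List

# Digests copied from the report above; the target names are the report's.
IOCS: Dict[str, Dict[str, str]] = {
    "build_240222_174228.zip": {
        "md5": "c0794af593e377f0fe27bdcbc13d4a11",
        "sha1": "9ea47cd4b22cadd7482e5fffa4b22e45c981c260",
        "sha256": "0f4150600bf973df042a0ce696f230c64aca2a527f2c6c419a72f18c688f2909",
        "sha512": "c658278f6d780db4a0ad9c714a9998028c6640b618784650af05b87609e6b3a3aa96ad0da3e46496023280010b2a6d3fadd947ca6558fc17c6a1fbcf3149b930",
    },
    "crypted810467741LQLUK.png .scr": {
        "md5": "13da785fc61c281c43c93c7357b9c16e",
        "sha1": "e115ec17be3be5481bb5646f858a133c425f8d72",
        "sha256": "ad5dbad61acbfa7b465a57ff5a90055c39669e01a5767fd6b5845b2ca619e9df",
        "sha512": "102f16ebd514cc1afed8371c810d328fa63cbef473f1d69552ae0f7ef1ed7d6f13f563e37605b9ba522fa17eec753ac750619e248be1f40b0637ddee2343739e",
    },
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Return all four digests of an in-memory buffer, keyed by algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through all four hashes at once so a large archive is read only once."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with Path(path).open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_iocs(digests: Dict[str, str]) -> List[str]:
    """Names of report targets whose digests match any supplied digest (case-insensitive)."""
    supplied = {alg: val.lower() for alg, val in digests.items()}
    return [
        name for name, known in IOCS.items()
        if any(supplied.get(alg) == val for alg, val in known.items())
    ]


# Assumed lists for the lure-name heuristic; they are not from the report.
EXECUTABLE_EXTS = {"scr", "exe", "pif", "com", "bat", "cmd", "vbs", "js", "hta", "lnk"}
DECOY_EXTS = {"png", "jpg", "jpeg", "gif", "pdf", "doc", "docx", "xls", "xlsx", "txt"}


def lure_name_findings(filename: str) -> List[str]:
    """Flag a decoy extension in front of an executable one, and whitespace padding
    that pushes the real extension out of view in a file dialog or narrow list view."""
    parts = filename.split(".")
    exts = [p.strip().lower() for p in parts[1:]]
    findings: List[str] = []
    if len(exts) >= 2 and exts[-1] in EXECUTABLE_EXTS:
        decoy = next((e for e in exts[:-1] if e in DECOY_EXTS), None)
        if decoy:
            findings.append(f"decoy .{decoy} extension in front of executable .{exts[-1]}")
    if any(p != p.strip() for p in parts[1:]):
        findings.append("whitespace padding around the extension")
    return findings


if __name__ == "__main__":
    import sys
    for arg in sys.argv[1:]:
        digests = hash_file(arg)
        print(arg, digests["sha256"],
              "matches:", match_iocs(digests) or "none",
              "lure:", lure_name_findings(Path(arg).name) or "none")
```

Run it as `python triage.py <file>`; a match on any one algorithm is reported, since a feed may carry only one digest type, and the lure check is applied to the file name alone so it also works on names pulled from mail logs or a quarantine listing.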

Malware Config (extracted from the sample)

  • Family

    redline

  • Botnet

    810467741 (the same identifier appears in the dropped file's name, crypted810467741LQLUK.png .scr)

  • C2

    https://pastebin.com/raw/NgsUAPya (a raw paste on a public paste site rather than a direct IP:port; see the hosting-abuse signature under Targets)

Targets

    • Target

      crypted810467741LQLUK.png .scr

    • Size

      330KB

    • MD5

      13da785fc61c281c43c93c7357b9c16e

    • SHA1

      e115ec17be3be5481bb5646f858a133c425f8d72

    • SHA256

      ad5dbad61acbfa7b465a57ff5a90055c39669e01a5767fd6b5845b2ca619e9df

    • SHA512

      102f16ebd514cc1afed8371c810d328fa63cbef473f1d69552ae0f7ef1ed7d6f13f563e37605b9ba522fa17eec753ac750619e248be1f40b0637ddee2343739e

    • SSDEEP

      6144:LlGBaPYQE8PQy1w5dUPPNyu2C80vjSye+8Tcpby6:LlGBNgc5aPP/80vjUTcpby6

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers target stored browser data: saved logins, cookies, autofill entries and session tokens, which can be replayed to take over accounts without the password.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      Touches files under local cryptocurrency wallet directories.

    • Checks installed software on the system

      Enumerates the Uninstall key entries in the registry to list the software installed on the system.

    • Legitimate hosting services abused for malware hosting/C2

      The configured C2 is a raw paste on pastebin.com, a legitimate service the sample contacts to retrieve operator-controlled content, so the traffic blends with benign use of the same host and the operator can change the paste without touching the sample.
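The four behaviours above are what an EDR can corroborate on a live host. As an added example that is not from the report, the following scores per-process telemetry for exactly those behaviours: enumeration of the registry Uninstall key, reads of browser credential stores by a non-browser process, access to wallet directories, and outbound contact to a paste site such as the pastebin.com raw URL in the extracted config. The pipe-separated event format, the sample events, the wallet-directory markers and the dead-drop host list are constructed assumptions for illustration; the browser-process exclusion is there because a browser reading its own profile is the normal case and would otherwise swamp the rule.

```python
"""Added example: score endpoint telemetry for the RedLine behaviours the
report lists. Event format, sample events and the marker lists are constructed."""
import re
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Constructed sample telemetry: pid|image|operation|target, one event per line.
# PID 4120 is the dropped sample; PID 2204 is a real browser reading its own profile.
SAMPLE_EVENTS = r"""
4120|C:\Users\alice\AppData\Local\Temp\crypted810467741LQLUK.png .scr|RegEnumKey|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
4120|C:\Users\alice\AppData\Local\Temp\crypted810467741LQLUK.png .scr|RegQueryValue|HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{GUID}\DisplayName
4120|C:\Users\alice\AppData\Local\Temp\crypted810467741LQLUK.png .scr|FileRead|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data
4120|C:\Users\alice\AppData\Local\Temp\crypted810467741LQLUK.png .scr|FileRead|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
4120|C:\Users\alice\AppData\Local\Temp\crypted810467741LQLUK.png .scr|FileRead|C:\Users\alice\AppData\Roaming\Exodus\exodus.wallet\seed.seco
4120|C:\Users\alice\AppData\Local\Temp\crypted810467741LQLUK.png .scr|NetConnect|https://pastebin.com/raw/NgsUAPya
2204|C:\Program Files\Google\Chrome\Application\chrome.exe|FileRead|C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data
2204|C:\Program Files\Google\Chrome\Application\chrome.exe|NetConnect|https://www.example.com/
"""

# Browser credential/cookie store file names (lower-cased suffix match).
BROWSER_ARTIFACTS = ("login data", "cookies", "web data", "logins.json", "key4.db")
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "opera.exe"}
# Assumed wallet-directory markers and dead-drop hosts; illustrative, not from the report.
WALLET_MARKERS = ("\\exodus\\", "\\electrum\\", "\\ethereum\\keystore", "\\bitcoin\\wallet.dat", "\\atomic\\")
DEAD_DROP_HOSTS = {"pastebin.com", "raw.githubusercontent.com", "gist.github.com", "rentry.co"}
UNINSTALL_KEY = re.compile(r"\\currentversion\\uninstall(\\|$)")
REG_OPS = {"RegOpenKey", "RegEnumKey", "RegQueryValue"}


def parse_events(text: str) -> List[Dict[str, str]]:
    """Split the constructed pid|image|op|target lines into dicts."""
    events = []
    for line in text.strip().splitlines():
        pid, image, op, target = line.split("|", 3)
        events.append({"pid": pid, "image": image, "op": op, "target": target})
    return events


def classify(event: Dict[str, str]) -> Optional[str]:
    """Map one event to a behaviour tag from the report's signatures, or None."""
    image = event["image"].lower().rsplit("\\", 1)[-1]
    op = event["op"]
    target = event["target"].lower()
    if op in REG_OPS and UNINSTALL_KEY.search(target):
        return "uninstall_enum"
    if op == "FileRead":
        if any(target.endswith(a) for a in BROWSER_ARTIFACTS) and image not in BROWSER_IMAGES:
            return "browser_profile_read"
        if any(m in target for m in WALLET_MARKERS):
            return "wallet_access"
    if op == "NetConnect":
        host = (urlparse(event["target"]).hostname or "").lower()
        if host in DEAD_DROP_HOSTS:
            return "dead_drop_c2"
    return None


def assess(text: str) -> Dict[str, List[str]]:
    """Per-pid sorted list of behaviour tags; pids with no hits map to an empty list."""
    hits: Dict[str, set] = {}
    for ev in parse_events(text):
        tags = hits.setdefault(ev["pid"], set())
        tag = classify(ev)
        if tag:
            tags.add(tag)
    return {pid: sorted(tags) for pid, tags in hits.items()}


def stealer_like(tags: List[str]) -> bool:
    """Credential-store reads alone are noisy (backup agents, sync tools); require a
    second corroborating behaviour before calling a process stealer-like."""
    return "browser_profile_read" in tags and len(tags) >= 2


if __name__ == "__main__":
    for pid, tags in assess(SAMPLE_EVENTS).items():
        print(pid, tags, "STEALER-LIKE" if stealer_like(tags) else "")
```

The verdict deliberately needs two independent behaviours: in a real fleet the browser-profile rule alone fires on legitimate backup and sync software, while the Uninstall-key enumeration alone fires on inventory agents; the combination, plus a dead-drop contact, is what separates this sample's run from background noise.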

MITRE ATT&CK Enterprise v15
