General

  • Target

    build_240222_175553.zip

  • Size

    119KB

  • Sample

    240222-vfpmdacg2w

  • MD5

    f24116361370f9f61e66ac7944e1177e

  • SHA1

    a060a3fdaeb66d6f43c8d7bbd80de07d40b1494e

  • SHA256

    c16a997e95c57b9ab1df7d0f3d8c2b292ab7cd15161fee7c5d33f6a4a0c7df15

  • SHA512

    5fd270feb29209af81f0195e1c98d3ab6c25c8e1fa269ace3373febab96cd18502026f74cd7f57f0b9d84eeabfcd08603abe5588d25fb343f08cb0c2da0f0485

  • SSDEEP

    3072:HZJk3Xzmeb8bXs0pvrZnx9zOw7VvsQR8UXf40l7W40yoC9o/xGI:5Jki+0pTxT7hs4UqEC9o/wI

Malware Config

Extracted

Family

redline

Botnet

810467741

C2

https://pastebin.com/raw/NgsUAPya

Targets

    • Target

      crypted810467741RBBOW.exe

    • Size

      130KB

    • MD5

      a1152b8408343477e9c349e560d3036f

    • SHA1

      0c6938468fe195de90e914303668a417df0b4c4a

    • SHA256

      66a5e6a773ed1a4065bd281af893600a5c36643baba933d1539bbdbbcf20403f

    • SHA512

      7a5edb3b699e243a1aa156431810c45c57a1b7824f892877f4ee1cd3485d289f38f875ebf9060675dbc7dd079ed909735e2dcad3ca3e7ee3c20cedccf2dac219

    • SSDEEP

      3072:lFAzme58bXs0pvrznx9zOk7VvsQRsUXf40l7240yoC9o/r/r:py0pTrt7hs4EqMC9o/r

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers routinely target stored browser profile data, which can include saved credentials, session cookies and autofill entries.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

      The extracted C2 value is a pastebin.com raw-paste URL rather than a dedicated server; in this family the paste typically acts as a dead-drop resolver from which the actual C2 address is fetched.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of a suspended thread; injection techniques such as process hollowing use it to point a child process's initial thread at the injected payload.
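
The behaviours listed above (Uninstall-key enumeration, browser profile data access, wallet access, a pastebin.com C2) translate directly into triage rules. The following is an added example, not code from the sandbox report or from the RedLine family: it runs a small rule set over constructed, simplified Sysmon-like event records and checks a file's digests against the SHA256 values the report lists. The event records, the rule patterns and the Chromium profile layout they assume are all illustrative.

```python
"""Added triage helper for the behaviours listed in the report above.
Constructed example; not code from the sandbox or from RedLine itself.
Event records are made up and simplified (kind + target path/host)."""
import hashlib
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Optional

# Indicators copied from the report above.
REPORT_SHA256 = {
    "build_240222_175553.zip":
        "c16a997e95c57b9ab1df7d0f3d8c2b292ab7cd15161fee7c5d33f6a4a0c7df15",
    "crypted810467741RBBOW.exe":
        "66a5e6a773ed1a4065bd281af893600a5c36643baba933d1539bbdbbcf20403f",
}
C2_HOST = "pastebin.com"

# Behaviour rules: (tag, event kind, case-insensitive regex on the target).
# Browser paths assume Chromium's "User Data\<profile>\Login Data" layout.
RULES = [
    ("installed software enumeration (Uninstall key)", "registry",
     r"\\CurrentVersion\\Uninstall(\\|$)"),
    ("browser profile data access", "file",
     r"\\User Data\\[^\\]+\\(Login Data|Web Data|Cookies|History)$"),
    ("cryptocurrency wallet access", "file",
     r"(wallet\.dat$|\\(Exodus|Electrum|Ethereum)\\)"),
    ("legitimate hosting service contacted (possible C2)", "network",
     r"(^|\.)" + re.escape(C2_HOST) + r"$"),
]
COMPILED = [(tag, kind, re.compile(pat, re.IGNORECASE)) for tag, kind, pat in RULES]

# Constructed events (hypothetical, not from the sandbox run).
SAMPLE_EVENTS = [
    {"kind": "registry", "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"kind": "registry", "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},
    {"kind": "file", "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"kind": "file", "target": r"C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"kind": "file", "target": r"C:\Users\victim\Documents\notes.txt"},
    {"kind": "network", "target": "pastebin.com"},
    {"kind": "network", "target": "update.microsoft.com"},
]


def classify(event: Dict[str, str]) -> List[str]:
    """Return the behaviour tags an event matches (empty list if benign)."""
    return [tag for tag, kind, rx in COMPILED
            if event.get("kind") == kind and rx.search(event.get("target", ""))]


def triage(events: Iterable[Dict[str, str]]) -> Dict[str, List[str]]:
    """Group the matching targets under each behaviour tag."""
    hits: Dict[str, List[str]] = defaultdict(list)
    for ev in events:
        for tag in classify(ev):
            hits[tag].append(ev["target"])
    return dict(hits)


def digests(data: bytes) -> Dict[str, str]:
    """MD5/SHA1/SHA256/SHA512 of a blob, the hash set the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes) -> Optional[str]:
    """Name of the report artefact whose SHA256 matches the blob, else None."""
    h = digests(data)["sha256"]
    for name, expected in REPORT_SHA256.items():
        if h == expected:
            return name
    return None


if __name__ == "__main__":
    for tag, targets in triage(SAMPLE_EVENTS).items():
        print(f"[{tag}]")
        for t in targets:
            print("   ", t)
```

To apply this to a real capture, map your Sysmon registry (EventID 12/13), file (EventID 11) and DNS/network (EventID 22/3) events onto the `kind`/`target` shape and feed them to `triage`; the Uninstall-key rule will also fire on legitimate inventory tooling, so treat it as corroborating evidence alongside the browser and wallet hits rather than as a standalone alert.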

MITRE ATT&CK Enterprise v15

Tasks