General

  • Target: 2e501240ec8b9aab46d76a6504e44882.bin
  • Size: 11.2MB
  • Sample: 240305-bnnv9sah78
  • MD5: 1f0957699f1e957de151288a169682fd
  • SHA1: b02116a9fc237aa174f022a1331dced1c97b5030
  • SHA256: 55654aa2658e9534d82f5c7763d8807c0fcf769b34119b42b0d456d56458edb2
  • SHA512: 98d5f5f90fc745df27e34a9a1392fd65fbcf94c8bb7b590d3680d1d071f4333e0e860b17f348d6dd7d4e20f2035a41068abd5cac01e8ed53161f0a69c31d1475
  • SSDEEP: 196608:UjtYcNbNZgwFtUIGM8rECxUbvZ3hsWWnLXtCSHRyGRE22:Uj2cNJhtZG/rEjTZRZ2LdCS2

Malware Config

Extracted

  • Family: redline
  • Botnet: gg
  • C2: 67.203.7.148:2909

Targets

    • Target: 582cf0470ba0d2c2ef2c3fee83442db0e345656f7d7c46ee5b613998fdd6ee00.exe
    • Size: 20.9MB
    • MD5: 2e501240ec8b9aab46d76a6504e44882
    • SHA1: 1a97d7662e66502faa5a7718565bb362eb6f27bd
    • SHA256: 582cf0470ba0d2c2ef2c3fee83442db0e345656f7d7c46ee5b613998fdd6ee00
    • SHA512: eae4aacbfcee43ad8f9b2acbddb1b3b71c2aec0064bc6605107eb8b254614361c77984d09e7eabb91fc26634822ac448d8be884dd8f174021c52979690c2f97b
    • SSDEEP: 98304:Kj1ZAxOCU3yUetDvB6ti3FOU8jRdqY9d2omTt20+NVZ:mAxOCU3yUetDvB6ti1aOTtlcVZ

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Checks computer location settings: looks up the country code configured in the registry, likely for geofencing.
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence
    • T1547 Boot or Logon Autostart Execution (1)
    • T1547.001 Registry Run Keys / Startup Folder (1)

Privilege Escalation
    • T1547 Boot or Logon Autostart Execution (1)
    • T1547.001 Registry Run Keys / Startup Folder (1)

Defense Evasion
    • T1112 Modify Registry (2)

Discovery
    • T1012 Query Registry (2)
    • T1082 System Information Discovery (3)

Tasks