General

  • Target

    411b28fec79459930089cc56a18b123cb175347a5464353faf1c376f99c57a67

  • Size

    576KB

  • Sample

    240307-x3h48abg77

  • MD5

    164109915e9cb7c352225e69f6bfb839

  • SHA1

    79bf288ccc1a63e232a6978cd979ba223f75c064

  • SHA256

    411b28fec79459930089cc56a18b123cb175347a5464353faf1c376f99c57a67

  • SHA512

    206747aefe5c0ab6632ee82bbb4318750778974c775adb6f9f68c28620d14cdbef8b9a1c8b90c9f06be37919165fe913dcb332bb250429bdf40b9cedf5624787

  • SSDEEP

    12288:j6FO1lytiU39/j2aAlPNGXRaYtuyVQY6juCMy5TwI2s2/ckR:kti0/j2aAmXRZ7WY6ssW

Malware Config

Extracted

  • Family

    redline

  • Botnet

    cheat

  • C2

    45.137.22.243:55615

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Detects binaries embedding a considerable number of cryptocurrency wallet browser extension IDs.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  • Credential Access

    Unsecured Credentials (T1552) ×2
    Credentials In Files (T1552.001) ×2

  • Discovery

    Query Registry (T1012) ×1

  • Collection

    Data from Local System (T1005) ×2

Tasks