General

  • Target

    361b53f4b3e887b963bd607d994f9f42344b39e871b1142c8e56ff7182e4c96c.zip

  • Size

    1.2MB

  • Sample

    240402-mkec7sfd73

  • MD5

    239cc793c90c1fdc38cf2143355ec4f2

  • SHA1

    26e43131172db45e576c2650ab1792995dc9129a

  • SHA256

    96dc94ce5d32ff6cc08fa84a897464790b262c341f37c6a795fd21eed352d3fb

  • SHA512

    50722e3596dadf33933291ee9d1219797f66ad5385898fc7095bf841245b12ebb000e4c101aa72382efb9344b512fcdd19bbc0f4b027d20690efb223c75804a0

  • SSDEEP

    24576:SeDquBTjNL38yoHE18kS/ByfOeRAZJfA59CYVmtkIe8EkXCK:RryHbZEOcKYAtTwo

Malware Config

Extracted

Family

redline

Botnet

1

C2

77.221.156.45:18734

Targets

    • Target

      361b53f4b3e887b963bd607d994f9f42344b39e871b1142c8e56ff7182e4c96c.exe

    • Size

      1.3MB

    • MD5

      48bf3772cbc93109287d1254b8a64683

    • SHA1

      7ba5be5f07d63597c71bdfc0032365b56a3a26e7

    • SHA256

      361b53f4b3e887b963bd607d994f9f42344b39e871b1142c8e56ff7182e4c96c

    • SHA512

      d3621ed393be35d7a0074aee36d7ab1e7df9dacb86085472c8ed0cceec03e0bd2b349b9216bd3b8f1c19f9b1f112e255245d38ad32106d0e47a92e27ebe41d15

    • SSDEEP

      24576:Nmmy8RvF09ha/j20zJgxHgShHls6P9eQ7FYxM8/ta081:N/y8RvK9Q9B76PZ7GxM8/tJ

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix ATT&CK v13

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Tasks