General

  • Target

    TopkaVisual 2.PRO (Creator Shake).exe

  • Size

    474KB

  • Sample

    240403-m7t26sch38

  • MD5

    4ab6fe040850d54675de3b7ad803bcd5

  • SHA1

    28acee2de223e608bf0663a24624475b4858deae

  • SHA256

    9b5dc34e2808725b6b2c131d2a0ce4d2f4525269b9da6c60fcfcd93e83d40f27

  • SHA512

    a9df1b064b74febd43cc27b5cb8207dc050160a53aa4ab82a5c4bc010d52c88fda9b7a7b15d5318d8aec07b8ced32114c6b20b8daa7071f4442df5b3b4888ec4

  • SSDEEP

    12288:8r3/n9m2RrxBvwhsW8qO7huSCVjWRioDU8uZlRVj:oPHIcISwjWRlDep

Malware Config

Extracted

Family

redline

Botnet

1139456900_99

C2

https://pastebin.com/raw/8baCJyMF

Targets

    • Target

      TopkaVisual 2.PRO (Creator Shake).exe

    • Size

      474KB

    • MD5

      4ab6fe040850d54675de3b7ad803bcd5

    • SHA1

      28acee2de223e608bf0663a24624475b4858deae

    • SHA256

      9b5dc34e2808725b6b2c131d2a0ce4d2f4525269b9da6c60fcfcd93e83d40f27

    • SHA512

      a9df1b064b74febd43cc27b5cb8207dc050160a53aa4ab82a5c4bc010d52c88fda9b7a7b15d5318d8aec07b8ced32114c6b20b8daa7071f4442df5b3b4888ec4

    • SSDEEP

      12288:8r3/n9m2RrxBvwhsW8qO7huSCVjWRioDU8uZlRVj:oPHIcISwjWRlDep

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks