General

  • Target

    8 ball pool hack.exe

  • Size

    313KB

  • Sample

    240407-s2ggsafh96

  • MD5

    8c78abfa631325c3160daeda40cd1194

  • SHA1

    470ab30d818518d07e916217f2b9f03f398e6aaf

  • SHA256

    9050e489f3b839539e719f73fee921a9b0950ef9af97c09403e647fed8d5198c

  • SHA512

    7f99b3c5e971dda31166689d1f1c9d2064fc2e8921245b6ffbc9e00f70f8dc0fcd15bd23a24aea72e078620db9b6009f2a2d8979c43f045a5ed76cbde36c883d

  • SSDEEP

    6144:Xf2YIUEL2cUthDBh8zj2v/TZjLezR3RgZhY4/HLzsTSHeFJEedXgchabr/Nq5:OhMVh8jzR3R+Y4/XsW+Qedwci/Nq

Malware Config

Extracted

Family

redline

Botnet

@Ppparanoya1

C2

45.15.156.167:80

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15