Resubmissions

07-04-2024 16:25

240407-txecasha45 1

07-04-2024 16:18

240407-trytragh35 10

General

  • Target

    vitutal machine.txt

  • Size

    61B

  • Sample

    240407-trytragh35

  • MD5

    1d7db31646386591f2e03562253f0e35

  • SHA1

    7fa424de79d773fa915c882e2fc57b276a336526

  • SHA256

    7902ef263776402b3f205cf5ebb983c619dbd529ab2d8d1af912ef3d6c40c957

  • SHA512

    b6c6bd4d1d538e3961ce7557e5308380ccadd263232655d6fdd5388cb1ad71682733494d48493be613b5a0579f2cce9b06a9e53069157007661893ec62240a19

Malware Config

Extracted config 1

  • Family

    redline

  • C2

    45.15.156.142:33597

Extracted config 2

  • Family

    redline

  • Botnet

    @skayoker38

  • C2

    45.15.156.167:80

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks