General

  • Target

    3ad1339dace3a7dc466e30b71ad5cad2.bin

  • Size

    115KB

  • Sample

    240408-bh58cscb6x

  • MD5

    d6eecc56f5adfe8f1697018d62e6c140

  • SHA1

    c5b0e1a192ee73a23aa572a9dfeea0ad494e9460

  • SHA256

    2abbb8f47539250d5756e62ae2a85ebb1ec3e4278beaae3f5ff21b34f11d2f18

  • SHA512

    8b92bd8c097417120cf0aab87b1e8a09300317c395ce0163a624aa16311d1112166e5c101fcabc4d5f026676e5835107dd5e07e1fdda97d571252e55bc1dec74

  • SSDEEP

    3072:rovGP3L7wl8eMIizZpRUqw2XbBzZ59Ni/Tmj3j7GU4H6aPXk:rovGPwl8eZafRSynwar+1H6aP0

Malware Config

Extracted

Family

redline

Botnet

testnew

C2

185.215.113.67:26260

Targets

    • Target

      2465316c17ecf1dbe8e8ee2c6acded1a83ecc2777c017ea3c92d3e0a99a46147.exe

    • Size

      304KB

    • MD5

      3ad1339dace3a7dc466e30b71ad5cad2

    • SHA1

      7f7212a80c3d851bcf79232a7c7670c0fb79238b

    • SHA256

      2465316c17ecf1dbe8e8ee2c6acded1a83ecc2777c017ea3c92d3e0a99a46147

    • SHA512

      c0715c320741e86bfe3490a3d5f85f07f933ba84902166a28a83b18bfc8a7564d8b7d98f09eed8184bc846f4627864e9ebbe95e7265b8912a6c977aca4c757bb

    • SSDEEP

      3072:Iq6EgY6iQrUjGk14lwPK/logLHejZBTAUtA7i95BcZqf7D34VeqiOLibBOh:bqY6iwwPUpSZBTAwA85BcZqf7DI/L

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
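The three behaviours listed above (browser profile reads, wallet file access, Uninstall-key enumeration) are individually weak signals but strong in combination. The following Python is an added detection example, not part of the sandbox report and not RedLine's own code: it scores constructed file/registry access events (the `pid|operation|target` line format, the PIDs and the paths are assumptions made for this example) and flags only processes that touch more than one indicator class, so an inventory tool that merely walks the Uninstall key, or a browser opening its own profile, stays below the threshold.

```python
import re
from collections import defaultdict

# Indicator classes drawn from the behaviours reported above. Paths and keys are
# the usual Windows locations; exact artefact names vary by browser/wallet version.
INDICATORS = {
    "browser_profile": [
        re.compile(r"\\(?:Google\\Chrome|Microsoft\\Edge|BraveSoftware\\Brave-Browser)"
                   r"\\User Data\\(?:.+\\)?(?:Login Data|Cookies|Web Data|Local State)$", re.I),
        re.compile(r"\\Mozilla\\Firefox\\Profiles\\.+\\(?:logins\.json|cookies\.sqlite|key4\.db)$", re.I),
    ],
    "crypto_wallet": [
        re.compile(r"\\(?:Exodus|Electrum|Ethereum|atomic|Armory)\\", re.I),
        re.compile(r"wallet\.dat$", re.I),
    ],
    "software_enum": [
        # The Uninstall key (and its WOW6432Node mirror) is what installed-software enumeration reads.
        re.compile(r"^HK(?:LM|CU)\\SOFTWARE\\(?:WOW6432Node\\)?Microsoft\\Windows"
                   r"\\CurrentVersion\\Uninstall(?:\\|$)", re.I),
    ],
}

# Constructed event lines for this example (pid|operation|target); not taken from the sandbox run.
SAMPLE_EVENTS = [
    r"4120|RegOpenKey|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"4120|RegEnumKey|HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip",
    r"4120|FileRead|C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"4120|FileRead|C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\abc123.default\logins.json",
    r"4120|FileRead|C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco",
    r"4120|FileRead|C:\Users\victim\AppData\Roaming\Bitcoin\wallet.dat",
    r"2208|FileRead|C:\Users\victim\Documents\notes.txt",
    r"2208|RegOpenKey|HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    # A software-inventory tool would also enumerate Uninstall, and nothing else.
    r"3310|RegEnumKey|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++",
]


def classify(target):
    """Return the indicator class a file path or registry key falls into, or None."""
    for tag, patterns in INDICATORS.items():
        if any(p.search(target) for p in patterns):
            return tag
    return None


def parse_event(line):
    """Split a constructed 'pid|operation|target' line; the target may itself contain '|'."""
    pid, op, target = line.split("|", 2)
    return int(pid), op, target


def summarize(lines):
    """Map each PID to the set of indicator classes its accesses hit."""
    hits = defaultdict(set)
    for line in lines:
        pid, _op, target = parse_event(line)
        tag = classify(target)
        if tag:
            hits[pid].add(tag)
    return dict(hits)


def flag_processes(lines, min_classes=2):
    """PIDs that touch at least `min_classes` distinct indicator classes.

    Requiring more than one class is what keeps single-purpose benign activity
    (software inventory, a browser reading its own profile) from being flagged.
    """
    return sorted(pid for pid, tags in summarize(lines).items() if len(tags) >= min_classes)


if __name__ == "__main__":
    for pid, tags in sorted(summarize(SAMPLE_EVENTS).items()):
        print(pid, sorted(tags))
    print("flagged:", flag_processes(SAMPLE_EVENTS))
```

Running the block prints the per-PID classes and flags only PID 4120; PID 3310 hits the Uninstall key alone and is not reported. In a real deployment the event source would be procmon output, a sandbox's API trace or an EDR's file/registry telemetry rather than the constructed lines above, and the wallet and browser lists would need to be kept current.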

MITRE ATT&CK Enterprise v15

Tasks