General

  • Target

    Pornhub Premium 9.22v.rar

  • Size

    4.2MB

  • Sample

    240409-bn4lqahf88

  • MD5

    feb48f3be85fb927732814e7705545ff

  • SHA1

    afd00f3a4181e33861f5510edcb3f4cc35f97d72

  • SHA256

    66b6d796e64934c6e4059c159a649296cfc1d58a74803b55a6337e5bf8978be1

  • SHA512

    b2b7c06ac7164adda441cdd17bf597f7e83bcaf03c3656a352f976da695377980d43a87b904e52aa3a2c7a94dff6c856eda8079f1ef35118090bcebfd3f807db

  • SSDEEP

    98304:FeEGcno6F7GhR/lD6U7JRUfvdDOn8C39U3XhgGKGcruhmBSgG:FeEGSG/l+GQxOn8Qivmky3G

Malware Config

Extracted

Family

redline

Botnet

@Ebursteamss

C2

45.15.156.167:80
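
As an added example (not part of the report and not the sandbox's own tooling), the Python below turns the indicators above into a check a responder can run: hash a suspect file against the four listed digests in a single pass, and scan firewall or proxy log lines for the extracted C2 endpoint, separating an exact host:port match from the same IP seen on another port. The log lines and the placeholder bytes are constructed for the example; the assumed log format is `src -> dst` with `ip:port` pairs.

```python
import hashlib
import io
import re

# Indicators copied from the report: file digests and the extracted C2.
REPORT_IOCS = {
    "md5": "feb48f3be85fb927732814e7705545ff",
    "sha1": "afd00f3a4181e33861f5510edcb3f4cc35f97d72",
    "sha256": "66b6d796e64934c6e4059c159a649296cfc1d58a74803b55a6337e5bf8978be1",
    "sha512": "b2b7c06ac7164adda441cdd17bf597f7e83bcaf03c3656a352f976da695377980d43a87b904e52aa3a2c7a94dff6c856eda8079f1ef35118090bcebfd3f807db",
}
C2_HOST, C2_PORT = "45.15.156.167", 80


def digest_stream(stream, chunk_size=1 << 20):
    """Hash a binary stream with all four algorithms in one pass over the data."""
    hashers = {name: hashlib.new(name) for name in REPORT_IOCS}
    for block in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def file_hashes(data: bytes) -> dict:
    """Convenience wrapper for in-memory data (open(path, 'rb') works the same)."""
    return digest_stream(io.BytesIO(data))


def matching_algorithms(hashes, iocs=REPORT_IOCS):
    """Digest names whose value equals the report's value. The comparison is
    case-insensitive because tools print hex digests in different cases."""
    return {name for name, value in iocs.items()
            if hashes.get(name, "").lower() == value.lower()}


# 'a.b.c.d:port' or 'a.b.c.d port', as found in proxy and firewall logs.
_ENDPOINT_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})[:\s](\d{1,5})\b")


def find_c2_hits(log_lines, host=C2_HOST, port=C2_PORT):
    """Return (line number, kind) for every line that mentions the C2 host.
    'host+port' is the extracted endpoint exactly; 'host-only' is the same IP
    on a different port, which still deserves a second look."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        ports = {int(p) for ip, p in _ENDPOINT_RE.findall(line) if ip == host}
        if port in ports:
            hits.append((n, "host+port"))
        elif ports:
            hits.append((n, "host-only"))
    return hits


# CONSTRUCTED firewall lines for the example (not from the sandbox run).
SAMPLE_LOG = [
    "2024-04-09T10:22:13Z allow tcp 10.0.0.5:51234 -> 45.15.156.167:80",
    "2024-04-09T10:22:14Z allow tcp 10.0.0.5:51235 -> 192.0.2.10:443",
    "2024-04-09T10:23:01Z deny  tcp 10.0.0.7:49800 -> 45.15.156.167:443",
]

if __name__ == "__main__":
    sample = b"constructed placeholder bytes, not the real archive"
    h = file_hashes(sample)
    print("digests matching the report:", matching_algorithms(h) or "none")
    print("C2 hits in sample log:", find_c2_hits(SAMPLE_LOG))
```

Hashing all four algorithms in one read keeps the cost of checking a large archive to a single pass; the placeholder bytes naturally match none of the report's digests, which is the expected negative result for anything other than the original file.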

Targets

    • Target

      Pornhub Premium 9.22v.rar

    • Size

      4.2MB

    • MD5

      feb48f3be85fb927732814e7705545ff

    • SHA1

      afd00f3a4181e33861f5510edcb3f4cc35f97d72

    • SHA256

      66b6d796e64934c6e4059c159a649296cfc1d58a74803b55a6337e5bf8978be1

    • SHA512

      b2b7c06ac7164adda441cdd17bf597f7e83bcaf03c3656a352f976da695377980d43a87b904e52aa3a2c7a94dff6c856eda8079f1ef35118090bcebfd3f807db

    • SSDEEP

      98304:FeEGcno6F7GhR/lD6U7JRUfvdDOn8C39U3XhgGKGcruhmBSgG:FeEGSG/l+GQxOn8Qivmky3G

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
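
The behaviour signatures above are what the sandbox derives from the run. As an added example (not the sandbox's own rules and not data from this sample), the Python below shows how the same behaviours can be matched over endpoint telemetry after the fact, with "Executes dropped EXE" modelled statefully rather than by path alone. The registry keys and file paths tied to each signature (Geo\Nation for the location check, the Uninstall key, Chromium-style Login Data/Web Data/Cookies files, a few common wallet directories) are this example's assumptions, and the events are constructed Sysmon-style records.

```python
import re

# Behavioural signatures from the report, mapped to the host telemetry a
# practitioner would expect for each. The keys and paths are this example's
# ASSUMPTIONS about what each signature watches, not the sandbox's rule text.
SIGNATURES = [
    ("Checks computer location settings", "registry_read",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Checks installed software on the system", "registry_enum",
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)),
    ("Reads user/profile data of web browsers", "file_read",
     re.compile(r"\\User Data\\[^\\]+\\(Login Data|Web Data|Cookies)$", re.I)),
    ("Accesses cryptocurrency files/wallets", "file_read",
     re.compile(r"\\(Exodus|Electrum|Ethereum|Atomic)\\", re.I)),
]


def match_signatures(events):
    """Walk events in order and return {signature name: [event ids]}.

    'Executes dropped EXE' is stateful: it fires only when a process starts
    from an executable that an earlier file_create event wrote, so running a
    binary that was already on disk (notepad.exe) is not flagged.
    """
    hits = {}
    dropped = set()  # lower-cased paths of .exe files written during the run
    for ev in events:
        target = ev["target"]
        for name, etype, pattern in SIGNATURES:
            if ev["type"] == etype and pattern.search(target):
                hits.setdefault(name, []).append(ev["id"])
        if ev["type"] == "file_create" and target.lower().endswith(".exe"):
            dropped.add(target.lower())
        elif ev["type"] == "process_create" and target.lower() in dropped:
            hits.setdefault("Executes dropped EXE", []).append(ev["id"])
    return hits


def stealer_like(hits):
    """Heuristic verdict: credential or wallet access together with host
    enumeration, the combination the report's signature list shows."""
    harvesting = {"Reads user/profile data of web browsers",
                  "Accesses cryptocurrency files/wallets"}
    enumeration = {"Checks computer location settings",
                   "Checks installed software on the system"}
    seen = set(hits)
    return bool(harvesting & seen) and bool(enumeration & seen)


# CONSTRUCTED Sysmon-style events for the example (not from the sandbox run).
SAMPLE_EVENTS = [
    {"id": 1, "type": "registry_read",
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"id": 2, "type": "registry_enum",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"id": 3, "type": "file_read",
     "target": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"id": 4, "type": "file_read",
     "target": r"C:\Users\u\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"id": 5, "type": "file_create",
     "target": r"C:\Users\u\AppData\Local\Temp\upd.exe"},
    {"id": 6, "type": "process_create",
     "target": r"C:\Users\u\AppData\Local\Temp\upd.exe"},
    {"id": 7, "type": "process_create",
     "target": r"C:\Windows\System32\notepad.exe"},
    {"id": 8, "type": "file_read",
     "target": r"C:\Users\u\Documents\notes.txt"},
]

if __name__ == "__main__":
    found = match_signatures(SAMPLE_EVENTS)
    for name, ids in found.items():
        print(f"{name}: events {ids}")
    print("stealer-like:", stealer_like(found))
```

The verdict function deliberately requires two behaviour classes to co-occur: a single Uninstall-key enumeration is common in legitimate installers and inventory agents, while browser credential or wallet access alongside it is the pairing worth escalating.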
