General

  • Target: World of tanks cheat.rar
  • Size: 3.5MB
  • Sample: 240410-29w2wahb31
  • MD5: ded388012abab0fae9285fefbc0d7594
  • SHA1: 51897f377812acd6866a49d4624b1961cb2ba74e
  • SHA256: c46e67c08296a8f53301627603f51b823a74fd2a6f7b12267b7eeb8ce05139b7
  • SHA512: 9278490bfa9d015839110982a93df603e2cf2db4628caf2cd988a797bacad75226387580fb9277c4a9bd6305284222575ef8e721ebd2ffff662f34e6ec8bbe21
  • SSDEEP: 98304:RtJ5AhQAdqVCXL2VXL7kye9metDNESgvYFIzZSon29dJ:RncQssXLg9jwSgvOINznEj

Malware Config

Extracted

  • Family: redline
  • Botnet: 607012704_99
  • C2: trenity.top:28786
  • Attributes
    • auth_value: c34780e98b8831b21692c194755d5cb3

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext
