General

  • Target

    Zrzut ekranu 2024-04-07 185644.png

  • Size

    331KB

  • Sample

    240410-yqbeaadc31

  • MD5

    2a2968bea96451468e12101632bf9928

  • SHA1

    06c1b7abd47887b8a8509ca297884b9ff0d403ae

  • SHA256

    1776c5e695b5beb259ceff85bfa6f156e8c83998f10906d12d6a219d2b17eed4

  • SHA512

    b7661d8f37afb5cd7d4cac5b22f0b72ba24ee23258eea264ddc22583088fe217c3497f611d555758543b56cc205dd5f6dd5fe0d702b5241b0e4bb8b6aa422024

  • SSDEEP

    6144:O2hntBHUF5jPcz1eWGJY0S2DALtt0jrSnSU2GCVi0ojERLwpYxNhlBwuEDDH5nk:OVPc5sJY0S2D0/0jGSGWJCElwCD/EHHC

Malware Config

Extracted

Family

redline

Botnet

5664290451

C2

https://pastebin.com/raw/KE5Mft0T

Targets

    • Target

      Zrzut ekranu 2024-04-07 185644.png

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies, session tokens and autofill entries.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate installed software. On Windows these live under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (plus the Wow6432Node counterpart for 32-bit packages on 64-bit hosts) and HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall for per-user installs. Reading them is a quiet way to fingerprint the host, since registry reads are not logged by default.

    • Legitimate hosting services abused for malware hosting/C2

      The extracted C2 is a Pastebin raw paste. For RedLine this typically acts as a dead-drop resolver: the sample fetches the paste to learn its real host and port rather than having them hard-coded. Block the paste URL, but also record what the paste resolves to, since the operator can change its content without touching the binary.
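
The following is an added example, not part of the sandbox output or of RedLine itself: a small Python IOC matcher built from this report. It checks a file's digests against the MD5/SHA-1/SHA-256/SHA-512 values listed under General, and scans proxy log lines for the Pastebin raw URL extracted as C2. The proxy log format (epoch, client, method, URL, status) and the log lines are constructed for the example; `hash_file` assumes a local path to a sample.

```python
"""IOC matcher derived from this report (added example, not sandbox output).

Checks a file's digests against the MD5/SHA-1/SHA-256/SHA-512 values under
General, and scans proxy log lines for the Pastebin raw URL extracted as C2.
The log format and lines below are constructed for the example.
"""
import hashlib
import re
from urllib.parse import urlsplit

# Hash indicators copied from the report's General section (keys are hashlib names).
REPORT_HASHES = {
    "md5": "2a2968bea96451468e12101632bf9928",
    "sha1": "06c1b7abd47887b8a8509ca297884b9ff0d403ae",
    "sha256": "1776c5e695b5beb259ceff85bfa6f156e8c83998f10906d12d6a219d2b17eed4",
    "sha512": "b7661d8f37afb5cd7d4cac5b22f0b72ba24ee23258eea264ddc22583088fe217"
              "c3497f611d555758543b56cc205dd5f6dd5fe0d702b5241b0e4bb8b6aa422024",
}

# C2 indicator from the extracted config: a Pastebin raw paste.
REPORT_C2 = "https://pastebin.com/raw/KE5Mft0T"


def hash_bytes(data: bytes) -> dict:
    """Return the four digests the report lists, as lower-case hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path: str) -> dict:
    """Like hash_bytes, but streams the file in 1 MiB chunks for large samples."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matching_hashes(digests: dict) -> set:
    """Names of the algorithms whose digest equals the report's value."""
    return {name for name, value in digests.items()
            if value.lower() == REPORT_HASHES.get(name)}


# Constructed proxy log: "<epoch> <client> <method> <url> <status>" per line.
SAMPLE_LOG = """\
1712770120.101 10.0.4.17 GET https://pastebin.com/raw/KE5Mft0T 200
1712770121.400 10.0.4.17 GET https://example.org/index.html 200
1712770122.555 10.0.4.22 GET https://pastebin.com/raw/AbCdEfGh 200
1712770123.009 10.0.4.30 GET https://pastebin.com/KE5Mft0T 200
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d+)$"
)


def url_key(url: str) -> tuple:
    """Normalise a URL to (lower-case host, path); scheme and query are ignored."""
    parts = urlsplit(url)
    return parts.netloc.lower(), parts.path


def _requests(log_text: str):
    """Yield (client, url) for each well-formed line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m["client"], m["url"]


def find_dead_drop_hits(log_text: str, c2_url: str = REPORT_C2) -> list:
    """Exact hits on the dead-drop URL (host + path, so http vs https is irrelevant)."""
    target = url_key(c2_url)
    return [(client, url) for client, url in _requests(log_text)
            if url_key(url) == target]


def find_paste_key_hits(log_text: str, c2_url: str = REPORT_C2) -> list:
    """Broader hunt: any request to the same host whose path carries the paste key,
    which also catches the non-raw view /KE5Mft0T of the same paste."""
    host, path = url_key(c2_url)
    key = path.rsplit("/", 1)[-1]
    return [(client, url) for client, url in _requests(log_text)
            if url_key(url)[0] == host and key in url_key(url)[1].split("/")]


if __name__ == "__main__":
    sample = b"constructed bytes, not the real sample"
    print("hash matches:", matching_hashes(hash_bytes(sample)) or "none")
    print("dead-drop hits:", find_dead_drop_hits(SAMPLE_LOG))
    print("paste-key hits:", find_paste_key_hits(SAMPLE_LOG))
```

The exact matcher is what you would wire into a blocklist; the paste-key matcher is the hunting query, because an analyst or a second payload may touch the same paste through its non-raw view. Fuzzy-hash (SSDEEP) comparison is deliberately left out, as it needs the ssdeep library and a similarity threshold rather than an equality check.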

MITRE ATT&CK Enterprise v15

Tasks