General

  • Target

    Setup.exe

  • Size

    377KB

  • Sample

    240410-zzezhaef3x

  • MD5

    17c5c9e103273f7a818cd7fe839e7ac1

  • SHA1

    253a7fec9e710a2ca430aa6c93931ddbd3533fe3

  • SHA256

    3dc1ac36becfb3df765763330a5d1394ff89ac2ba6d6272f2861129a96042b67

  • SHA512

    491f7d5895272b1291377a13571a3991d5e9b7c6a6b8a5cd83eb623e42349387d660b2b7844b2a29968795c1f915bca68fe52164bfdbb623df40cb6b3ba49c54

  • SSDEEP

    6144:CSRiwi+geAHpbeio8Gie3/qqtFMrjV3W1cD0ljT+YgamLWDt/E+8uJ/K4S/2xxbM:CagrJhJe3/htF0DCjT3gamqDtsduJ/Dy

Malware Config

Extracted

Family

redline

Botnet

@Ebursteamss

C2

45.15.156.167:80
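The hashes and the extracted C2 above are the report's observables. The following Python is an added example (not part of the report or of the sandbox's tooling) showing how a responder would run them as detections: hash-match a file inventory and a downloaded sample against the listed digests, and sweep proxy log lines for the exact C2 address and port. The inventory rows and log lines are constructed for the example; the log format (timestamp, client IP, dst:port, status) is an assumption, not a format the report describes.

```python
"""IOC sweep built from the RedLine report above.

Added example, not from the original report or the sandbox vendor.
INVENTORY and PROXY_LOG are constructed sample data; the log line
format (ts client dst:port status) is an assumption for the example.
"""
import hashlib
import re

# Digests and C2 copied from the report.
IOC_HASHES = {
    "md5": "17c5c9e103273f7a818cd7fe839e7ac1",
    "sha1": "253a7fec9e710a2ca430aa6c93931ddbd3533fe3",
    "sha256": "3dc1ac36becfb3df765763330a5d1394ff89ac2ba6d6272f2861129a96042b67",
    "sha512": "491f7d5895272b1291377a13571a3991d5e9b7c6a6b8a5cd83eb623e42349387d"
              "660b2b7844b2a29968795c1f915bca68fe52164bfdbb623df40cb6b3ba49c54",
}
IOC_C2 = ("45.15.156.167", 80)

# Constructed inventory: (path, sha256) as an EDR or hashing sweep would export it.
INVENTORY = [
    ("C:\\Users\\alice\\Downloads\\Setup.exe",
     "3DC1AC36BECFB3DF765763330A5D1394FF89AC2BA6D6272F2861129A96042B67"),
    ("C:\\Program Files\\7-Zip\\7z.exe",
     "0000000000000000000000000000000000000000000000000000000000000000"),
]

# Constructed proxy log lines: "<ts> <client> <dst_ip>:<dst_port> <status>".
PROXY_LOG = """\
2024-04-10T20:11:02Z 10.0.0.15 45.15.156.167:80 200
2024-04-10T20:11:05Z 10.0.0.15 142.250.74.46:443 200
2024-04-10T20:12:41Z 10.0.0.22 45.15.156.167:8080 000
this line is malformed and must be skipped
2024-04-10T20:13:07Z 10.0.0.31 45.15.156.167:80 200
"""

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s+\d+$")


def check_sample(data: bytes, iocs=IOC_HASHES):
    """Hash a file's bytes with every algorithm the report lists and return
    the names of the algorithms whose digest matches. Use this on a sample
    you pulled yourself to confirm it is the same file the report analysed."""
    return [algo for algo, expected in iocs.items()
            if hashlib.new(algo, data).hexdigest() == expected]


def match_inventory(inventory, iocs=IOC_HASHES):
    """Return paths whose SHA256 equals the report's SHA256. Compared
    case-insensitively because tools disagree on hex digest case."""
    want = iocs["sha256"].lower()
    return [path for path, digest in inventory if digest.lower() == want]


def match_c2(log_text, c2=IOC_C2):
    """Return (timestamp, client) for each line that reached the exact C2
    address and port. The port is part of the match on purpose: the report
    attests to 45.15.156.167:80, and traffic to another port on the same
    host is a weaker signal that deserves a separate, lower-confidence rule."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the sweep
        ts, client, dst_ip, dst_port = m.groups()
        if dst_ip == c2[0] and int(dst_port) == c2[1]:
            hits.append((ts, client))
    return hits


if __name__ == "__main__":
    print("inventory hits:", match_inventory(INVENTORY))
    print("c2 hits:", match_c2(PROXY_LOG))
    print("sample check:", check_sample(b"not the real sample"))
```

Hash matching is exact-match only: a repacked or rebuilt RedLine binary will have different digests, so treat the SHA256 as a confirmation of this specific file and lean on the C2 and behavioural signatures for anything beyond it.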

Targets

    • Target

      Setup.exe

    • Size

      377KB

    • MD5

      17c5c9e103273f7a818cd7fe839e7ac1

    • SHA1

      253a7fec9e710a2ca430aa6c93931ddbd3533fe3

    • SHA256

      3dc1ac36becfb3df765763330a5d1394ff89ac2ba6d6272f2861129a96042b67

    • SHA512

      491f7d5895272b1291377a13571a3991d5e9b7c6a6b8a5cd83eb623e42349387d660b2b7844b2a29968795c1f915bca68fe52164bfdbb623df40cb6b3ba49c54

    • SSDEEP

      6144:CSRiwi+geAHpbeio8Gie3/qqtFMrjV3W1cD0ljT+YgamLWDt/E+8uJ/K4S/2xxbM:CagrJhJe3/htF0DCjT3gamqDtsduJ/Dy

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, autofill entries and browsing history.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate software installed on the system.

    • Suspicious use of SetThreadContext

      SetThreadContext lets a process overwrite the register state of a thread in another process; outside of debuggers it is a common step in process hollowing and other code-injection techniques.

MITRE ATT&CK Enterprise v15

Tasks