General

  • Target

    0c34afe936fecc85fdfa87735bad598d.exe

  • Size

    444KB

  • Sample

    240519-xhgqnacf3x

  • MD5

    0c34afe936fecc85fdfa87735bad598d

  • SHA1

    9e24cc5cbac7c5667e57976d2536375ba25014e3

  • SHA256

    d15d1e547612552d7b946c802b8445fb0c603968c4353be354fe1a2a65683463

  • SHA512

    ddd81432a9e829c63dd57126926facb8b57b222632a97aef7b242eedcafb43b9d8f76491d588c6d3caefb2a4e5ea301f3b97be671b4e21aea3356b0a99ec96f7

  • SSDEEP

    6144:u8INtdy8s24pEts2HnUmPjd3xg5J+J0FfJsd6fADKY0UjuY/PoSTiRVVRupR7vau:u8+s7pEe2HPVm50J0FfbAmbUXbpaRbi

Malware Config

Extracted

Family

redline

Botnet

@Shehqqq6

C2

147.45.47.93:80
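The extracted config above gives two kinds of indicators: the sample's own digests (which only catch this exact build) and the RedLine C2 endpoint (which survives repacking of the binary but can rotate). The following is an added example, not code from the report or from the sandbox, showing how a responder would turn both into a check: hash a local file against the reported digests, and sweep constructed proxy-style log lines for connections to the C2 host. The log format, the hypothetical source hosts and the timestamps are constructed for the example; only the hashes, the IP and the port come from the report.

```python
import hashlib
import re

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "0c34afe936fecc85fdfa87735bad598d",
    "sha1": "9e24cc5cbac7c5667e57976d2536375ba25014e3",
    "sha256": "d15d1e547612552d7b946c802b8445fb0c603968c4353be354fe1a2a65683463",
    "sha512": (
        "ddd81432a9e829c63dd57126926facb8b57b222632a97aef7b242eedcafb43b9"
        "d8f76491d588c6d3caefb2a4e5ea301f3b97be671b4e21aea3356b0a99ec96f7"
    ),
}
C2_HOST = "147.45.47.93"
C2_PORT = 80


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists for a file's contents."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every digest equals the reported value.

    A single mismatch means a different file: RedLine builds are repacked
    often, so a miss here does not clear the host, it only says this is
    not the exact sample in the report."""
    return hash_bytes(data) == SAMPLE_HASHES


# Constructed log format (not from the report): "<timestamp> <src> -> <dst>:<port>".
LOG_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+)$")


def find_c2_hits(lines):
    """Return (timestamp, src, port) for every line whose destination is the C2 host.

    Matching is on the host rather than host:port, so a connection to the
    same IP on another port is still surfaced; the port is returned so the
    analyst can see whether it is the 80/tcp endpoint from the config."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the constructed format
        ts, src, dst, port = m.groups()
        if dst == C2_HOST:
            hits.append((ts, src, int(port)))
    return hits


# Constructed sample log (hypothetical hosts and times) for a stand-alone run.
SAMPLE_LOG = [
    "2024-05-19T12:00:01Z 10.0.0.5 -> 147.45.47.93:80",
    "2024-05-19T12:00:02Z 10.0.0.5 -> 93.184.216.34:443",
    "2024-05-19T12:00:03Z 10.0.0.9 -> 147.45.47.93:443",
    "malformed line that should be ignored",
]


if __name__ == "__main__":
    for ts, src, port in find_c2_hits(SAMPLE_LOG):
        flag = "config C2 port" if port == C2_PORT else "other port, investigate"
        print(f"{ts} {src} -> {C2_HOST}:{port} ({flag})")
    with open(__file__, "rb") as fh:
        print("this script is the reported sample:", matches_report(fh.read()))
```

Run it against real proxy or NetFlow exports by replacing SAMPLE_LOG with the parsed lines; a hit on 147.45.47.93 on any port is worth a look, since the report only shows the endpoint this build was configured with at the time of analysis.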

Targets

    • Target

      0c34afe936fecc85fdfa87735bad598d.exe

    • Size

      444KB

    • MD5

      0c34afe936fecc85fdfa87735bad598d

    • SHA1

      9e24cc5cbac7c5667e57976d2536375ba25014e3

    • SHA256

      d15d1e547612552d7b946c802b8445fb0c603968c4353be354fe1a2a65683463

    • SHA512

      ddd81432a9e829c63dd57126926facb8b57b222632a97aef7b242eedcafb43b9d8f76491d588c6d3caefb2a4e5ea301f3b97be671b4e21aea3356b0a99ec96f7

    • SSDEEP

      6144:u8INtdy8s24pEts2HnUmPjd3xg5J+J0FfJsd6fADKY0UjuY/PoSTiRVVRupR7vau:u8+s7pEe2HPVm50J0FfbAmbUXbpaRbi

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence (the stealer decides whether to run based on the victim's configured region).

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks