General

  • Target

    Solara_Installer.exe

  • Size

    16.0MB

  • Sample

    240521-jz19qsea41

  • MD5

    dbbc481dabc773c2aef2fa9061545e2e

  • SHA1

    c637bcea97f81ae80c48cca29ef44d8f46d80fd9

  • SHA256

    4912f115f5daf63bd8c18e4b7c5d231ab2279ae561b188f51200ead6029293b7

  • SHA512

    c44d8b6cfb3f7597315af2be4aa1b5513da305807c2abceb999b8ffe9b773ff515d1974152e06eb1e054ad74cca2a2acf23524bb1a8c1f981b309837ae4e4a25

  • SSDEEP

    393216:oC2kpfKq5Rp0Md0j/nL/oq58W+0krTXMa3xsAVd:ykpCqB7d0bqPHTN3xZd

Malware Config

Extracted

Family

redline

Botnet

6077866846_99

C2

https://pastebin.com/raw/8baCJyMF

Targets

    • Target

      Solara_Installer.exe

    • Size

      16.0MB

    • MD5

      dbbc481dabc773c2aef2fa9061545e2e

    • SHA1

      c637bcea97f81ae80c48cca29ef44d8f46d80fd9

    • SHA256

      4912f115f5daf63bd8c18e4b7c5d231ab2279ae561b188f51200ead6029293b7

    • SHA512

      c44d8b6cfb3f7597315af2be4aa1b5513da305807c2abceb999b8ffe9b773ff515d1974152e06eb1e054ad74cca2a2acf23524bb1a8c1f981b309837ae4e4a25

    • SSDEEP

      393216:oC2kpfKq5Rp0Md0j/nL/oq58W+0krTXMa3xsAVd:ykpCqB7d0bqPHTN3xZd

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Checks computer location settings

      Looks up the country code configured in the registry; most likely a geofence used to skip victims in regions the operator wants to avoid.

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

      The extracted C2 value is a raw Pastebin URL, consistent with a dead-drop resolver hosted on a legitimate service rather than a hard-coded server.

    • Suspicious use of SetThreadContext

      SetThreadContext redirects execution of a (typically suspended) thread; this is a common step in process hollowing and other code injection, which fits the "Executes dropped EXE" behaviour above.
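
The following is an added hunting helper written for this page; it is not part of the sandbox report or of the RedLine family. It takes the digests and the Pastebin dead-drop URL listed above as indicators, hashes a file on disk with all four algorithms in one pass so it can be compared against them, and rates constructed proxy-style records (process image plus requested URL, an assumed log shape) for contact with the dead-drop: an exact match on the extracted URL is high confidence, while any other raw Pastebin fetch by a process that is not a browser is medium confidence. The browser allow-list and the sample records are assumptions for illustration.

```python
import hashlib
from urllib.parse import urlsplit

# Digests copied from the report above.
SAMPLE_IOCS = {
    "md5": "dbbc481dabc773c2aef2fa9061545e2e",
    "sha1": "c637bcea97f81ae80c48cca29ef44d8f46d80fd9",
    "sha256": "4912f115f5daf63bd8c18e4b7c5d231ab2279ae561b188f51200ead6029293b7",
    "sha512": "c44d8b6cfb3f7597315af2be4aa1b5513da305807c2abceb999b8ffe9b773ff515d1974152e06eb1e054ad74cca2a2acf23524bb1a8c1f981b309837ae4e4a25",
}
# Dead-drop URL from the extracted config.
C2_DEAD_DROP = "https://pastebin.com/raw/8baCJyMF"
# Assumption: processes for which a pastebin.com fetch is ordinary user activity.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "opera.exe"}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data):
    """Compute every digest the report lists for an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def digest_file(path, chunk_size=1 << 20):
    """Stream a file through all four hashes at once (the sample is 16 MB)."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matching_iocs(digests):
    """Names of the algorithms whose digest equals the report's value."""
    return {name for name, value in digests.items()
            if SAMPLE_IOCS.get(name) == value.lower()}


def classify_contact(event):
    """Rate one record: 'high' for the exact dead-drop URL, 'medium' for any
    other raw Pastebin fetch by a non-browser process, otherwise None."""
    url = event.get("url", "")
    parts = urlsplit(url)
    if (parts.hostname or "").lower() != "pastebin.com":
        return None
    if url == C2_DEAD_DROP:
        return "high"
    image = event.get("image", "").replace("/", "\\").rsplit("\\", 1)[-1].lower()
    if parts.path.startswith("/raw/") and image not in BROWSERS:
        return "medium"
    return None


def hunt(events):
    """Return (level, image, url) for every record worth an analyst's attention."""
    hits = []
    for ev in events:
        level = classify_contact(ev)
        if level:
            hits.append((level, ev["image"], ev["url"]))
    return hits


# Constructed records for demonstration; not output of the sandbox run.
SAMPLE_EVENTS = [
    {"image": r"C:\Users\user\Downloads\Solara_Installer.exe",
     "url": "https://pastebin.com/raw/8baCJyMF"},
    {"image": r"C:\Users\user\AppData\Local\Temp\upd.exe",
     "url": "https://pastebin.com/raw/abcd1234"},
    {"image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "url": "https://pastebin.com/raw/abcd1234"},
    {"image": r"C:\Windows\System32\svchost.exe",
     "url": "https://update.microsoft.com/"},
]

if __name__ == "__main__":
    for level, image, url in hunt(SAMPLE_EVENTS):
        print(level, image, url)
```

Run `matching_iocs(digest_file("Solara_Installer.exe"))` against a file of interest; a non-empty set means a digest matched the report. The medium tier exists because a Pastebin raw fetch from a non-browser is unusual on most hosts even when the paste name differs, which is the kind of generalisation a dead-drop resolver signature needs once the operator rotates the paste.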

MITRE ATT&CK Enterprise v15

Tasks