General

  • Target: o91
  • Size: 48KB
  • Sample: 240521-p5gp6sef4y
  • MD5: 59ca8a9089603869534b0b92ad71d692
  • SHA1: ab6ebbd19fef4b455a840110904da7ef8d191565
  • SHA256: 5cbfcf9de7d0115c7df4b418225cdebc1e543532989eaaa794bc74647528abfa
  • SHA512: a0b0799f94b4de2f3021b858ff7c54bcc9d55b78196eb2a3e8f9566ba96cbc41d7ee31499616dbf4a7217f8e64f959096eb05ab179c04d0d05e99a6f972fb7e7
  • SSDEEP: 768:KUkWjshoLvY8fsm9/5LAqjkbTMWlkSJY3Tfnm9BN:1s+LFsnqjkbTMWlkSJY3TfmB

Malware Config

Targets

    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Executes dropped EXE
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and other profile information.
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software installed on the system.
    • Legitimate hosting services abused for malware hosting/C2
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks