General

  • Target

    c3d082dc82e11e3ca3047d9cf612e8d925cfcc40a17d0eb312833f861184ea3a

  • Size

    432KB

  • Sample

    240526-c7emdaca7v

  • MD5

    291cd1c945bc670579cb5c5005afb42e

  • SHA1

    3e4ba20eed4b88d9efcfeb6bcdb53d8b91365f3d

  • SHA256

    c3d082dc82e11e3ca3047d9cf612e8d925cfcc40a17d0eb312833f861184ea3a

  • SHA512

    e34d895a06953a1fb2681884e045b5d4e2da3b41ea3f4ddbce63e0195f5d8ecf2d1c5606374b2172d7de7c19e4c55ffc3be4ca2dd71ac725e44d68b39d6596d2

  • SSDEEP

    12288:AIVy90mtOPfwhZifxu2sb6HAAebxOEkjQf0dS:dydtocVbrkMcdS

Malware Config

Extracted

  • Family

    redline

  • Botnet

    furod

  • C2

    77.91.68.70:19073

  • Attributes

    auth_value: d2386245fe11799b28b4521492a5879d

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Detects executables containing base64 encoded User Agent

    • Detects executables packed with ConfuserEx Mod

    • Executes dropped EXE

    • Adds Run key to start application
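The signature "Detects executables containing base64 encoded User Agent" is a static check that is easy to get wrong: the base64 text for a substring depends on where that substring starts relative to the encoder's 3-byte groups, so a naive `b64encode("Mozilla/5.0") in file` misses two of the three alignments. The script below is an added example, not code from the sandbox or from the RedLine authors. It derives alignment-independent base64 fragments for a few assumed user-agent prefixes, scans a buffer for them in both raw ASCII and the UTF-16LE form in which .NET stores string literals (RedLine is C#), and compares a buffer's hashes against the values in the report above. The user-agent list, the fake PE-like test buffers and all function names are assumptions; only the hashes and the C2 are taken from the report.

```python
"""Offline triage helpers for the RedLine report above (added example).
Re-implements the idea behind the "base64 encoded User Agent" signature
and checks a buffer's hashes against the report. The user-agent prefixes
and the sample buffers are constructed assumptions; hashes and C2 come
from the report."""
import base64
import hashlib
import re

# IOCs copied from the report.
REPORT_HASHES = {
    "md5": "291cd1c945bc670579cb5c5005afb42e",
    "sha1": "3e4ba20eed4b88d9efcfeb6bcdb53d8b91365f3d",
    "sha256": "c3d082dc82e11e3ca3047d9cf612e8d925cfcc40a17d0eb312833f861184ea3a",
}
REPORT_C2 = ("77.91.68.70", 19073)

# Assumed user-agent prefixes worth looking for; a real rule set is longer.
USER_AGENT_PREFIXES = [b"Mozilla/5.0", b"User-Agent:", b"Windows NT 10.0"]


def b64_fragments(needle: bytes) -> list[bytes]:
    """Base64 text present whenever `needle` occurs inside any base64 buffer,
    whatever its offset modulo 3. Characters that also encode bits of the
    unknown neighbouring bytes are dropped, so a fragment never false-negatives."""
    fragments = []
    for pad in range(3):
        enc = base64.b64encode(b"\x00" * pad + needle).rstrip(b"=")
        head = (0, 2, 3)[pad]                                # chars mixing in the pad bytes
        tail = 0 if (pad + len(needle)) % 3 == 0 else 1      # char mixing in the next byte
        fragments.append(enc[head:len(enc) - tail])
    return fragments


def find_base64_user_agents(blob: bytes) -> list[tuple[str, int]]:
    """(user-agent prefix, offset) for every base64-encoded UA fragment in
    `blob`, checking raw ASCII and UTF-16LE (.NET #US heap string literals)."""
    hits = set()
    for ua in USER_AGENT_PREFIXES:
        for frag in b64_fragments(ua):
            for encoded in (frag, frag.decode("ascii").encode("utf-16-le")):
                for m in re.finditer(re.escape(encoded), blob):
                    hits.add((ua.decode(), m.start()))
    return sorted(hits, key=lambda h: h[1])


def hash_blob(blob: bytes) -> dict[str, str]:
    """Hashes of `blob` using the same algorithms the report lists."""
    return {name: hashlib.new(name, blob).hexdigest() for name in REPORT_HASHES}


def matches_report(blob: bytes) -> bool:
    """True only if every report hash agrees; one mismatch means a different
    build of the stealer, not this sample."""
    return hash_blob(blob) == REPORT_HASHES


# Constructed test input (not real malware): a fake PE-like buffer with the UA
# base64-encoded at an awkward alignment (two junk bytes in front of it).
UA_STRING = b"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
SAMPLE_BLOB = b"MZ\x90\x00" + b"\x00" * 64 + base64.b64encode(b"zz" + UA_STRING) + b"\x00" * 32
CLEAN_BLOB = b"MZ\x90\x00" + b"\x00" * 64 + UA_STRING + b"\x00" * 32   # plain, not base64

if __name__ == "__main__":
    print(find_base64_user_agents(SAMPLE_BLOB))
    print(find_base64_user_agents(CLEAN_BLOB))
    print(matches_report(SAMPLE_BLOB), hash_blob(SAMPLE_BLOB)["sha256"])
```

The plain-text `CLEAN_BLOB` yields no hits, which is the point of the signature: it fires on a user agent the author took the trouble to hide, not on one that is readable in the strings output. To triage a real file, read it in binary mode and pass the bytes to `find_base64_user_agents` and `matches_report`.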

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion

  • Modify Registry (T1112): 1
