General

  • Target

    174047408DE41770494EF4CFDC6B4B75.exe

  • Size

    374KB

  • Sample

    240526-dwbl1sda7t

  • MD5

    174047408de41770494ef4cfdc6b4b75

  • SHA1

    be5d55981090e243d3fcf50195a4f8f52624d5c4

  • SHA256

    f10e15ec0b0ed8ea201ac5f07b1bf547d3c592d3b1a359f564c8dc717dfca690

  • SHA512

    45b818ce122388fca30146e1b788d30540da808adcd4881bae60026445896367ab6caeac6d082750703380e697a9dbaa1db9259660edfcdd2a518cb271a6ee58

  • SSDEEP

    6144:yauvUJRc8Xk96UudPq/KvhvhNTbFCUFyw0eOz0wDmz6E6NgYnMfhlD16Xd9Cnx:yaOUJDUZu2wbueyxZM6z8hlD1H

Malware Config

Extracted

  • Family

    redline

  • Botnet

    6894345723_99

  • C2

    https://pastebin.com/raw/8baCJyMF

Targets

    • Target

      174047408DE41770494EF4CFDC6B4B75.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  • Credential Access

    Unsecured Credentials (T1552): 1
    Credentials In Files (T1552.001): 1

  • Collection

    Data from Local System (T1005): 1

  • Command and Control

    Web Service (T1102): 1

Tasks