General

  • Target

    7f12d621d13d212ed99ef23b8fa1b34337a4491f8df52dd3e5c0b9f3568f2c1b.exe

  • Size

    710KB

  • Sample

    240705-v9aqbavdnf

  • MD5

    5e30ff1d98cb47c26d6b0a3c0449f11c

  • SHA1

    1c28d0a969cd8db92202cfe923d18e39d9c305be

  • SHA256

    7f12d621d13d212ed99ef23b8fa1b34337a4491f8df52dd3e5c0b9f3568f2c1b

  • SHA512

    09c77fb31508ff09b32bec6ed57751d70a3cd0167bb70898a1453af2c0b22f6803c4ca0a5ecedbbc3e734cf284d2fc3e4a7236f9be54b6bea122f35ee59d3b75

  • SSDEEP

    12288:LFMofC1PTw3uX/CKSIJ/1PFMdCzXsbaDdaewqS4GkmxE/9l3Qg1t:LF+1TuM/MIJ/G6aenc033

Malware Config

Extracted

Family

redline

Botnet

foz

C2

79.110.62.16:1912

Targets

    • Target

      7f12d621d13d212ed99ef23b8fa1b34337a4491f8df52dd3e5c0b9f3568f2c1b.exe

    • Size

      710KB

    • MD5

      5e30ff1d98cb47c26d6b0a3c0449f11c

    • SHA1

      1c28d0a969cd8db92202cfe923d18e39d9c305be

    • SHA256

      7f12d621d13d212ed99ef23b8fa1b34337a4491f8df52dd3e5c0b9f3568f2c1b

    • SHA512

      09c77fb31508ff09b32bec6ed57751d70a3cd0167bb70898a1453af2c0b22f6803c4ca0a5ecedbbc3e734cf284d2fc3e4a7236f9be54b6bea122f35ee59d3b75

    • SSDEEP

      12288:LFMofC1PTw3uX/CKSIJ/1PFMdCzXsbaDdaewqS4GkmxE/9l3Qg1t:LF+1TuM/MIJ/G6aenc033

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks