General

  • Target

    77ccc61481c9fa009dfb6af2f6293b604312d440df4338e757ad2df844d10e0b.exe

  • Size

    800KB

  • Sample

    240706-bwwwva1hnk

  • MD5

    b7d9ebad39110de3ff89686962c3270b

  • SHA1

    a6e86e8d2ff174655eb1d30c62506db91e26c943

  • SHA256

    77ccc61481c9fa009dfb6af2f6293b604312d440df4338e757ad2df844d10e0b

  • SHA512

    33e0439e08deb2c35ddf27e1604efa75888509340b96a4e44f976f00a5cf5f61d2f209837c8a48850224bd08ceaa08b2137ddb1307b147d834e695c2fd573234

  • SSDEEP

    24576:87LxpIU55gevCR+vlum6CMQe5aFpBpLHLKRAwn:6vTPdkDl5u/FQBn
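Before working on a copy of this sample, confirm it is the same file the report describes; a renamed or re-packed binary can share a filename and not a single digest. The following is an added example, not part of the original report: it recomputes the MD5, SHA-1, SHA-256 and SHA-512 values listed above with the standard library and reports any that differ. SSDEEP is deliberately left out because it needs the third-party ssdeep bindings; the script name, the REPORT_HASHES mapping and the helper names are this example's own choices.

```python
"""Confirm a local copy of the sample matches the report before analysing it.

Added example, not part of the original report. The expected digests are the
ones listed in the General section; SSDEEP is left out because it needs the
third-party ssdeep bindings rather than the standard library.
"""
import hashlib
import sys
from pathlib import Path

# Digests copied from the report (hypothetical mapping name, values are the report's).
REPORT_HASHES = {
    "md5": "b7d9ebad39110de3ff89686962c3270b",
    "sha1": "a6e86e8d2ff174655eb1d30c62506db91e26c943",
    "sha256": "77ccc61481c9fa009dfb6af2f6293b604312d440df4338e757ad2df844d10e0b",
    "sha512": "33e0439e08deb2c35ddf27e1604efa75888509340b96a4e44f976f00a5cf5f61d2f209837c8a48850224bd08ceaa08b2137ddb1307b147d834e695c2fd573234",
}


def digest_bytes(data: bytes) -> dict:
    """Hex digests of an in-memory buffer, keyed like REPORT_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def digest_file(path, chunk_size: int = 1 << 20) -> dict:
    """Hash a file in 1 MiB chunks so a large sample never has to fit in memory."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(actual: dict, expected: dict) -> list:
    """Names of the digests that differ (case-insensitive); an empty list means
    every hash the report lists matched."""
    return sorted(name for name, want in expected.items()
                  if actual.get(name, "").lower() != want.lower())


if __name__ == "__main__":
    sample = Path(sys.argv[1])
    got = digest_file(sample)
    bad = compare(got, REPORT_HASHES)
    if bad:
        print(f"{sample.name}: MISMATCH on {', '.join(bad)}; sha256={got['sha256']}")
        sys.exit(1)
    print(f"{sample.name}: all digests match the report ({sample.stat().st_size} bytes)")
```

Run it as `python verify_sample.py <path-to-sample>`; a non-zero exit on mismatch makes it usable as a gate in an analysis pipeline. The comparison is case-insensitive because report pages and vendor feeds do not agree on hex case.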

Malware Config

Extracted

Family

redline

Botnet

foz

C2

79.110.62.16:1912
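The extracted C2 is the most directly actionable indicator on this page: a beacon to 79.110.62.16 on TCP 1912 from a workstation is a strong sign that this build, or another with the same configuration, ran there. The following is an added example, not part of the original report, of sweeping Zeek conn.log rows for that indicator. The log rows are constructed for illustration and are not real telemetry; the column subset, the Hit type and the function names are this example's own. It goes slightly beyond the page by also surfacing connections to the C2 IP on other ports, since RedLine builds frequently change the port while the address stays in use.

```python
"""Sweep connection logs for the C2 extracted from this sample's config.

Added example, not part of the original report. The C2 address is the value
from the Malware Config section; the Zeek conn.log rows below are constructed
for illustration and are not real telemetry.
"""
from dataclasses import dataclass
from typing import Iterator, List, Optional

C2_HOST = "79.110.62.16"
C2_PORT = 1912

# Zeek conn.log columns used here (tab separated, a subset of the standard set).
COLUMNS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
           "proto", "service", "duration", "orig_bytes", "resp_bytes", "conn_state"]

# Constructed rows: one ordinary TLS session, two sessions to the C2 on its
# configured port (the last one a SYN with no reply, conn_state S0), and one
# connection to the C2 IP on a different port.
SAMPLE_CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state
1720228800.123456\tCabc1\t10.0.0.12\t49712\t142.250.74.46\t443\ttcp\tssl\t0.51\t1200\t5400\tSF
1720228803.000001\tCabc2\t10.0.0.12\t49713\t79.110.62.16\t1912\ttcp\t-\t4.20\t3100\t890\tSF
1720228810.444444\tCabc3\t10.0.0.15\t51002\t79.110.62.16\t443\ttcp\tssl\t0.20\t800\t2000\tSF
1720228815.777777\tCabc4\t10.0.0.12\t49714\t79.110.62.16\t1912\ttcp\t-\t-\t-\t-\tS0
"""


@dataclass
class Hit:
    ts: float
    uid: str
    src: str
    dst: str
    dport: int
    conn_state: str
    orig_bytes: Optional[int]
    exact: bool  # True when both IP and port matched the extracted config


def _opt_int(value: str) -> Optional[int]:
    """Zeek writes '-' for unset fields; map it to None instead of failing."""
    return None if value == "-" else int(value)


def parse_conn_log(text: str) -> Iterator[dict]:
    """Yield one dict per data row, skipping Zeek's '#'-prefixed header lines."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < len(COLUMNS):
            continue  # truncated row; do not guess at missing columns
        yield dict(zip(COLUMNS, fields))


def find_c2_hits(text: str, host: str = C2_HOST, port: int = C2_PORT) -> List[Hit]:
    """Return every connection whose responder is the C2 IP.

    Rows that match the IP but not the port are still returned (exact=False):
    the configured port changes between builds, the address less often.
    """
    hits = []
    for row in parse_conn_log(text):
        if row["id.resp_h"] != host:
            continue
        dport = int(row["id.resp_p"])
        hits.append(Hit(
            ts=float(row["ts"]), uid=row["uid"], src=row["id.orig_h"],
            dst=row["id.resp_h"], dport=dport, conn_state=row["conn_state"],
            orig_bytes=_opt_int(row["orig_bytes"]), exact=(dport == port)))
    return hits


def infected_hosts(hits: List[Hit]) -> List[str]:
    """Sources that reached the configured IP:port. Unanswered SYNs (S0) count:
    an attempted beacon is evidence the stealer ran even if the C2 is down."""
    return sorted({h.src for h in hits if h.exact})


if __name__ == "__main__":
    found = find_c2_hits(SAMPLE_CONN_LOG)
    for h in found:
        tag = "C2" if h.exact else "C2-IP/other-port"
        print(f"{h.ts:.6f} {h.uid} {h.src} -> {h.dst}:{h.dport} {h.conn_state} [{tag}]")
    print("hosts to triage:", infected_hosts(found))
```

Treat the address as a dated indicator: it is what the sample carried on the analysis date (sample 240706-...), and RedLine operators rotate infrastructure, so a miss in today's logs does not clear a host and a hit months later may be a different tenant of the same IP. The S0 row is kept on purpose; a stealer that could not reach its C2 has still already collected the browser and wallet data before the beacon.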

Targets

    • Target

      77ccc61481c9fa009dfb6af2f6293b604312d440df4338e757ad2df844d10e0b.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers target the browser profile directory, which holds saved credentials, cookies, autofill entries and browsing history.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates the subkeys of the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, plus its WOW6432Node and HKCU counterparts) to build a list of installed software for the host fingerprint.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites another thread's register state, including the instruction pointer. Called on the thread of a freshly created suspended process, it is the step that redirects execution into an injected image (RunPE/process hollowing), which is why the sandbox flags it. The signature on its own does not identify what was injected.

MITRE ATT&CK Enterprise v15

Tasks