General

  • Target

    cc03430547aeb57a48bea8b42166aa5d67fa03097c8e6.exe

  • Size

    1.1MB

  • Sample

    240706-cjebpssfmp

  • MD5

    4ac5de9d55c788c81412dcf74816b202

  • SHA1

    16fbfc093f8bc4ba382bcbf52361cc8acfe4c2a4

  • SHA256

    cc03430547aeb57a48bea8b42166aa5d67fa03097c8e6e1db055e30dc27e9baf

  • SHA512

    3aac7dcca7baa365788d4829c9374054bb614da65fe81cf70deb8b22eec91f99b0fae87baabe13b2228ea7c3961200142aad8f875608bd8dcfa534e9fe18efc5

  • SSDEEP

    24576:CBWD95o5+hFcG4fVdx8Wx9YPt0Sx611O4sAG8y1:CBWgp3p2trxM1v/G51

Malware Config

Extracted

Family

redline

Botnet

crackcloud

C2

94.156.67.140:31957

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks