General

  • Target

    build.exe

  • Size

    300KB

  • Sample

    240706-e83rpsybpd

  • MD5

    d9b62efdcd79eaaa10970523ee9c43bd

  • SHA1

    e4e1922e10895b250450c9b69246f55f71ea0fb3

  • SHA256

    057e8f24fa437c39261dfdea79f080ac531753e2edb701bbfaf2a16910675673

  • SHA512

    e68372ba27b12372e18544aa8ded857b34bd866e5909125a5f62b120c525a38271052da6c2384a703a6d88fe92b3b9020a612bd00abea5529ff1cb15da9efe92

  • SSDEEP

    3072:OcZqf7D34cp/0+mAgkygC+QQEgefB1fA0PuTVAtkxzB3RgeqiOL2bBOA:OcZqf7DIknY+joB1fA0GTV8kngL

Malware Config

Extracted

Family

redline

Botnet

GameTrash

C2

213.219.199.48:1912
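The file hashes and the extracted C2 socket above are the report's actionable indicators. The following Python script is an added example (not part of the sandbox report or of the sample) that turns them into a small matcher and runs it over constructed Sysmon-style process-creation (Event ID 1) and network-connection (Event ID 3) lines. The four sample lines are made up for this example; the field names follow Sysmon's flat Key=Value layout. A connection to the C2 address on a port other than 1912 is deliberately reported at lower severity, because the extracted config ties the C2 to that one port.

```python
import re

# IOCs from the report above: the sample's file hashes and the extracted RedLine C2.
SAMPLE_MD5 = "d9b62efdcd79eaaa10970523ee9c43bd"
SAMPLE_SHA1 = "e4e1922e10895b250450c9b69246f55f71ea0fb3"
SAMPLE_SHA256 = "057e8f24fa437c39261dfdea79f080ac531753e2edb701bbfaf2a16910675673"
C2_IP = "213.219.199.48"
C2_PORT = 1912
HASH_IOCS = {SAMPLE_MD5, SAMPLE_SHA1, SAMPLE_SHA256}

# Constructed Sysmon-style lines (Event ID 1 process creation, Event ID 3 network
# connection) in flat "Key=Value" form. They are made up for this example and are
# not telemetry from the sandbox run.
SAMPLE_EVENTS = [
    "EventID=1 Image=C:\\Users\\victim\\Downloads\\build.exe "
    "Hashes=MD5=D9B62EFDCD79EAAA10970523EE9C43BD,"
    "SHA256=057E8F24FA437C39261DFDEA79F080AC531753E2EDB701BBFAF2A16910675673 "
    "ParentImage=C:\\Windows\\explorer.exe",
    "EventID=3 Image=C:\\Users\\victim\\Downloads\\build.exe Protocol=tcp "
    "DestinationIp=213.219.199.48 DestinationPort=1912 Initiated=true",
    "EventID=3 Image=C:\\Program Files\\Mozilla Firefox\\firefox.exe Protocol=tcp "
    "DestinationIp=213.219.199.48 DestinationPort=443 Initiated=true",
    "EventID=1 Image=C:\\Windows\\System32\\notepad.exe "
    "Hashes=SHA256=0000000000000000000000000000000000000000000000000000000000000000 "
    "ParentImage=C:\\Windows\\explorer.exe",
]

# A value runs lazily up to the next " Key=" boundary (or end of line), so paths
# with spaces and the Hashes field with its embedded "=" both survive intact.
_KV = re.compile(r"(\w+)=(.*?)(?= \w+=|$)")


def parse_event(line):
    """Parse one flat 'Key=Value Key=Value' Sysmon-style line into a dict."""
    return {key: value for key, value in _KV.findall(line)}


def parse_hashes(field):
    """Split Sysmon's 'MD5=...,SHA256=...' Hashes field into {ALGO: lowercase hex}."""
    digests = {}
    for part in field.split(","):
        algo, _, digest = part.partition("=")
        if digest:
            digests[algo.strip().upper()] = digest.strip().lower()
    return digests


def match_iocs(lines):
    """Return (severity, image, reason) for every line that hits a report IOC."""
    hits = []
    for line in lines:
        event = parse_event(line)
        image = event.get("Image", "?")
        if event.get("EventID") == "1":
            for algo, digest in parse_hashes(event.get("Hashes", "")).items():
                if digest in HASH_IOCS:
                    hits.append(("high", image, f"{algo} matches RedLine sample hash {digest}"))
                    break
        elif event.get("EventID") == "3" and event.get("DestinationIp") == C2_IP:
            port = int(event.get("DestinationPort", 0))
            if port == C2_PORT:
                hits.append(("high", image, f"connection to RedLine C2 {C2_IP}:{C2_PORT}"))
            else:
                # Same host, different port: worth triage, but the extracted config only
                # names port 1912, so this is a weaker signal than the exact socket.
                hits.append(("medium", image, f"connection to C2 host {C2_IP} on port {port}"))
    return hits


if __name__ == "__main__":
    for severity, image, reason in match_iocs(SAMPLE_EVENTS):
        print(f"[{severity}] {image}: {reason}")
```

Hash matches only catch this exact build; a rebuilt stub changes every digest while the botnet name and C2 in the config typically stay the same, so the C2 socket is the more durable indicator to deploy. Treat the IP alone with care, since hosting providers recycle addresses.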

Targets

    • Target

      build.exe

    • Size

      300KB

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers routinely target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Reads the entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node view) to enumerate the software installed on the system.
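The "Checks installed software" signature fires on registry reads under the Uninstall key. Below is an added example (not from the sandbox report or the RedLine sample) of how to confirm that behaviour from a Process Monitor trace: it parses a CSV export in Procmon's column layout, collects for each process which Uninstall entries were opened or queried, and flags processes that enumerated the key or read several entries. The CSV rows are constructed for the example, and the three-entry threshold is an arbitrary choice.

```python
import csv
import io
from collections import defaultdict

# Uninstall key roots as Procmon prints them (HKLM/HKCU abbreviations), lower-cased for
# matching. WOW6432Node is where 32-bit installers register on 64-bit Windows.
UNINSTALL_ROOTS = (
    r"hklm\software\microsoft\windows\currentversion\uninstall",
    r"hklm\software\wow6432node\microsoft\windows\currentversion\uninstall",
    r"hkcu\software\microsoft\windows\currentversion\uninstall",
)

# Constructed rows in the column layout of a Procmon CSV export. They are invented for
# this example, not captured from the sandbox run.
SAMPLE_PROCMON_CSV = r"""
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:01.0","build.exe","4120","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Desired Access: Read"
"10:00:01.1","build.exe","4120","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Index: 0, Name: 7-Zip"
"10:00:01.2","build.exe","4120","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip","SUCCESS","Desired Access: Read"
"10:00:01.3","build.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName","SUCCESS","Type: REG_SZ, Length: 24, Data: 7-Zip 23.01 (x64)"
"10:00:01.4","build.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName","SUCCESS","Type: REG_SZ, Length: 26, Data: Google Chrome"
"10:00:01.5","build.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayVersion","SUCCESS","Type: REG_SZ, Length: 20, Data: 126.0.0.0"
"10:00:01.6","build.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{11111111-2222-3333-4444-555555555555}\DisplayName","SUCCESS","Type: REG_SZ, Length: 28, Data: Example Suite"
"10:00:01.7","build.exe","4120","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++\DisplayName","SUCCESS","Type: REG_SZ, Length: 20, Data: Notepad++"
"10:00:01.8","build.exe","4120","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\UninstallCache","NAME NOT FOUND","Desired Access: Read"
"10:00:02.0","explorer.exe","1680","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayIcon","SUCCESS","Type: REG_SZ, Length: 40, Data: C:\Program Files\7-Zip\7zFM.exe"
"10:00:02.1","notepad.exe","2212","RegQueryValue","HKCU\Software\Microsoft\Notepad\lfFaceName","SUCCESS","Type: REG_SZ, Length: 18, Data: Consolas"
"""


def _split_uninstall_path(path):
    """Return (root, entry) if path lies under an Uninstall key, else None.

    entry is "" for the Uninstall key itself; otherwise it is the first component
    below it (one installed product's subkey), kept in its original case.
    """
    lowered = path.lower()
    for root in UNINSTALL_ROOTS:
        # Require a path separator (or end of path) after the root so that sibling
        # keys such as "...\UninstallCache" are not mistaken for the Uninstall key.
        if lowered.startswith(root) and lowered[len(root):len(root) + 1] in ("", "\\"):
            rest = path[len(root):].lstrip("\\")
            return root, rest.split("\\")[0]
    return None


def uninstall_key_activity(csv_text):
    """Per process: whether it enumerated an Uninstall key and which entries it touched."""
    activity = defaultdict(lambda: {"enumerated": False, "subkeys": set()})
    for row in csv.DictReader(io.StringIO(csv_text.strip())):
        if not row["Operation"].startswith("Reg"):
            continue  # file, process and network events are irrelevant here
        split = _split_uninstall_path(row["Path"])
        if split is None:
            continue
        _, entry_name = split
        entry = activity[row["Process Name"]]
        if entry_name:
            entry["subkeys"].add(entry_name)
        elif row["Operation"] == "RegEnumKey":
            entry["enumerated"] = True  # walking the key's children, one index per call
    return dict(activity)


def software_inventory_readers(csv_text, min_subkeys=3):
    """Processes that enumerated the Uninstall key or read at least min_subkeys entries.

    min_subkeys is an arbitrary threshold chosen for this example.
    """
    flagged = {}
    for process, entry in uninstall_key_activity(csv_text).items():
        if entry["enumerated"] or len(entry["subkeys"]) >= min_subkeys:
            flagged[process] = sorted(entry["subkeys"])
    return flagged


if __name__ == "__main__":
    for process, entries in software_inventory_readers(SAMPLE_PROCMON_CSV).items():
        print(f"{process}: enumerated installed software, entries read: {entries}")
```

Installers, explorer.exe and inventory agents read this key legitimately, so on its own this is only a weak signal; it becomes useful in combination with the browser-profile and wallet access the other signatures describe, coming from an unsigned binary in a download folder.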
