General

  • Target: Raven.exe
  • Size: 637KB
  • Sample: 240706-jhjy5a1clp
  • MD5: fdf3579f40fbd08ad74814f0608d17f6
  • SHA1: b67f6d5d27d0809e4961152a4f799f484185ca9d
  • SHA256: a469cb5ec9ad6345d3542c24edeec932de343bb72a131796bb607a133b2ddaea
  • SHA512: daf46b0b475efdaf5491ac264766ca144efbcb3157663bc7974d165303ff5535d6724d19e2fe9ac67771f4a25ac1167c5e2078b070758226cc216646d94591bc
  • SSDEEP: 12288:/O7z8ppCB3Df8lFQ2K7/EjwqFlo+tJZGwOkwm3KHiKI6TmjsTjRwrpo8Wy8mdWqb:GapG8lq2g/yKyx

Malware Config

Extracted

Family: redline

Botnet: 7182038265_99

C2: https://t.me/+7Lir0e4Gw381MDhi*https://steamcommunity.com/id/993846634744/

Targets

    • Target: Raven.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks