General

  • Target

    70b21cc416c17d59a5864841ec7a8984cca913495c740a052290f36b866e4933

  • Size

    329KB

  • Sample

    240707-3nxxqathlb

  • MD5

    9cab87a4c133b50897b35e4792740667

  • SHA1

    1a396ae984e6bc04e4046ba54f9eac176a6e5a9c

  • SHA256

    70b21cc416c17d59a5864841ec7a8984cca913495c740a052290f36b866e4933

  • SHA512

    22795464c9fb2fd1032c529f0181074cfc048d1214c67fe3aacbc7c2ebda1fc2c634b9f647fb8c616f887cb05947119836618315cd58415cd2966c847593b77d

  • SSDEEP

    6144:5wnjA4Nk/tWqLYU2rY94afXCM5l7ysuA3kUVys/VUhOaCiyh:5qiWqLYHe5truAVEdyh

Malware Config

Extracted

Family

redline

Botnet

5195552529

C2

https://t.me/+7Lir0e4Gw381MDhi*https://steamcommunity.com/profiles/76561199038841443

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext
