General

  • Target

    Launcher.exe

  • Size

    2.1MB

  • Sample

    240708-ew69cssbmq

  • MD5

    027bb5827e250671ebaee0200df3eaf4

  • SHA1

    73329c59bc6cc585ec1c18e216da1c65b5518c62

  • SHA256

    80f306d656669534f8996c5b83c6b0c1aa87e0097bac53b79d8ec30550ea5e44

  • SHA512

    49f5ce1731b941854566037a5bf1495b1151e5b770a482677d86ac3ab1dc8dd0f3269f90a054d8d828560767d4098850f819a144f14fd62314326d2b15a9b6d9

  • SSDEEP

    3072:bcZqf7D34kp/0+mAokyOppAQUg2ZB1fA0PuTVAtkxzl3Rp:bcZqf7DIcnHrz6B1fA0GTV8kL

Malware Config

Extracted

Family

redline

Botnet

zenless-github

C2

89.23.101.114:1912

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks