General

  • Target

    R B X D 2 5.rar

  • Size

    9.7MB

  • Sample

    240724-nsj44axeja

  • MD5

    1c7b93eb46e110fdeda1eb23a3a810cd

  • SHA1

    bf23d1dcd6bd4546bd14b6a44c6e58239af29851

  • SHA256

    ad329ddc9cf9c640ca7705fc3ce47c717f796b55466ec0882509f8596b35ae60

  • SHA512

    5c085bc838f8c0587602c7025c31ba813871d91cf9dbf1605753f7a3ab3a0d06e0e67608c2b383877469205471656aba8e7a71a4d9e17e84bb2a09d1db22683a

  • SSDEEP

    196608:IknltSmQx76wYWhEBDvwHXMsGU6l/C+c23XQ72x7qNL9AUyjM4DmM:v0zl6wYWKBDoH8sFMnc2AhNL9imM

Malware Config

Extracted

Family

redline

C2

185.196.9.26:6302

Targets

    • Target

      R B X D 2 5/Client.config

    • Size

      33.0MB

    • MD5

      157bca5bfbab154797fbbe947946084f

    • SHA1

      280096391abd2ea592198d205b6e44cdd2408121

    • SHA256

      f9aae2ca83d60ae3a6e443d23c91672cda766f73003e4f3f0f99eec1f336d946

    • SHA512

      5fbbaa59d4425779ecae554372a476414a60b70fe190ca408a0505b13064866d1576e6409e657d2933cd5922a053aacdf7c01b457b3385476dabfe1c46b5c1da

    • SSDEEP

      786432:BeCve2OlHAoFfgrh96BKMZvBx9ImCrWFi6:BejjlHAopI9xABx9ErWFi6

    Score
    3/10

    • Target

      R B X D 2 5/Roblox Executor.exe

    • Size

      617KB

    • MD5

      9714295e9923e34582c059579d65ae07

    • SHA1

      c324b11f5b263557c02489000c5113c82642972e

    • SHA256

      de99e2a1094f9c515a38650647a1c59d7ce944d0663da7ede1ac420c383ffb5b

    • SHA512

      644f66c4182451e12b4b0e57ce2e8f2a948a7a41bb1574da40bc77cf5f4e774970a00739040f4754fe7ae33fb6181b60685c9d22f9ef413a022724f2526b1322

    • SSDEEP

      12288:VazFFI6e+Td5sWHc1vSEQ0YC/W2b6QnZTxU/yqYKWar/X3ZUtxtMbB7FB4RxCHyF:+X7hDsWHcldb6QZzze

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext
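The hashes and the extracted C2 above are the indicators a responder would actually sweep for. The following script is an added example, not part of the sandbox report or of any tool it names: it hashes every file under a directory in chunks (the unpacked Client.config is 33 MB) and matches the digests against the SHA256 values listed on this page, then scans proxy/netflow-style log lines for a connection to 185.196.9.26:6302. The log format ("src=IP:port dst=IP:port") and the log lines themselves are constructed for the demo; no sample bytes are embedded, so the directory sweep only fires on a planted file whose hash is added at run time.

```python
"""Sweep a directory and connection-log lines for the RedLine IOCs listed in this report (added example)."""
import hashlib
import os
import re
import tempfile

# SHA256 values copied from the report above, keyed to the file names it lists.
SHA256_IOCS = {
    "ad329ddc9cf9c640ca7705fc3ce47c717f796b55466ec0882509f8596b35ae60": "R B X D 2 5.rar",
    "f9aae2ca83d60ae3a6e443d23c91672cda766f73003e4f3f0f99eec1f336d946": "Client.config",
    "de99e2a1094f9c515a38650647a1c59d7ce944d0663da7ede1ac420c383ffb5b": "Roblox Executor.exe",
}
# Extracted RedLine C2 from the report.
C2_HOST = "185.196.9.26"
C2_PORT = 6302

# Assumed log shape: any "IP:port" or "IP port" token; real exports vary, adjust the pattern to yours.
_CONN_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})[:\s]+(\d{1,5})")


def sha256_file(path, chunk=1 << 20):
    """SHA256 of a file, read in 1 MiB chunks so large archives never have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep_directory(root, iocs=SHA256_IOCS):
    """Return {path: ioc_name} for every file under root whose SHA256 is in iocs (hex, case-insensitive)."""
    wanted = {k.lower(): v for k, v in iocs.items()}
    hits = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digest = sha256_file(path)
            except OSError:
                continue  # unreadable or vanished file; keep sweeping
            if digest in wanted:
                hits[path] = wanted[digest]
    return hits


def scan_log_lines(lines, host=C2_HOST, port=C2_PORT):
    """Return 1-based line numbers whose lines contain a connection to host:port."""
    hits = []
    for n, line in enumerate(lines, 1):
        for h, p in _CONN_RE.findall(line):
            if h == host and int(p) == port:
                hits.append(n)
                break
    return hits


def demo():
    """Run both sweeps on constructed data: a planted file with a known hash and three made-up log lines."""
    planted = hashlib.sha256(b"abc").hexdigest()  # stands in for a real sample hash
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "evil.bin"), "wb") as f:
            f.write(b"abc")
        with open(os.path.join(tmp, "notes.txt"), "wb") as f:
            f.write(b"nothing to see here\n")
        file_hits = sweep_directory(tmp, {**SHA256_IOCS, planted: "planted-abc"})
    # Constructed log lines: only the first one talks to the C2 on the extracted port.
    log = [
        "2024-07-24T12:00:01Z src=10.0.0.5:51234 dst=185.196.9.26:6302 proto=tcp bytes=4120",
        "2024-07-24T12:00:02Z src=10.0.0.5:51235 dst=185.196.9.26:443 proto=tcp bytes=900",
        "2024-07-24T12:00:03Z src=10.0.0.7:51300 dst=93.184.216.34:80 proto=tcp bytes=12",
    ]
    return sorted(file_hits.values()), scan_log_lines(log)


if __name__ == "__main__":
    print(demo())
```

Match on the full host:port pair rather than the IP alone: RedLine operators reuse hosts across ports and campaigns, and a bare IP match against 185.196.9.26 would also flag the 443 line above, which this report gives no reason to attribute to the stealer.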

MITRE ATT&CK Enterprise v15

Tasks