General

  • Target

    4F26B9B399E238579178958FC76C17AB1A605A33CB6BD6D47AAC073596A2DEE6.exe

  • Size

    384KB

  • Sample

    240724-rgpf8ashrf

  • MD5

    2ff5a03dff94e3d9cb079b4da0e57cf5

  • SHA1

    d6483a3b778de602ba2c5657ca8efa2a0b75e3de

  • SHA256

    3492109e6402567ad87451c72a554d3f112b5f59f3fb97e84082a767c2c76108

  • SHA512

    34cd550664d44cb43d49ca060fe02f59cf19e0555adfe0f188b4f0877e6408b09ec5087ed606e0c7e7b39ec1d10f8305268337048b73bf36e9d67b6d64960f41

  • SSDEEP

    6144:++pLw3TFfhAvLp2z62Dpl+X9Z+nD0nYwL6Q9HL6QGI7:BpLITFaKtuX9QnDmjj9rjGI

Malware Config

Extracted

Family

redline

Botnet

03252020

C2

62.204.41.166:27688

Attributes
  • auth_value

    615a24be0b062774496a554724a2fe2b

Extracted

Family

arkei

Botnet

Default

C2

62.204.41.69/p8jG9WvgbE.php

Targets

    • Target

      4F26B9B399E238579178958FC76C17AB1A605A33CB6BD6D47AAC073596A2DEE6.exe

    • Size

      384KB

    • MD5

      2ff5a03dff94e3d9cb079b4da0e57cf5

    • SHA1

      d6483a3b778de602ba2c5657ca8efa2a0b75e3de

    • SHA256

      3492109e6402567ad87451c72a554d3f112b5f59f3fb97e84082a767c2c76108

    • SHA512

      34cd550664d44cb43d49ca060fe02f59cf19e0555adfe0f188b4f0877e6408b09ec5087ed606e0c7e7b39ec1d10f8305268337048b73bf36e9d67b6d64960f41

    • SSDEEP

      6144:++pLw3TFfhAvLp2z62Dpl+X9Z+nD0nYwL6Q9HL6QGI7:BpLITFaKtuX9QnDmjj9rjGI

    • Arkei

      Arkei is an infostealer written in C++.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • Query Registry: T1012 (1)

  • System Information Discovery: T1082 (2)

  • System Location Discovery: T1614 (1)

  • System Language Discovery: T1614.001 (1)

Tasks