General

  • Target

    R B X 1 2 5.rar

  • Size

    9.7MB

  • Sample

    240815-nmacpsvanr

  • MD5

    775d1f7409c0507d2864d7bd283ef914

  • SHA1

    fc28466f13da0f88cde02bd70b79e8a3f093c4e3

  • SHA256

    0bf30e9e9446bb909d3459669312f5982f6af0a3dd1d61eb141c386785b52331

  • SHA512

    f3e190834aca8fa56683148ce012622360fdc575eccb6a667021df6d92cd260a57689fc7b9ca3ff47bcbeac1f2f4a8679fb46228751e8756a6925f4018cf6573

  • SSDEEP

    196608:pzg44wZIYG1SyNmDfJjO8pMjHWXjBawNBxm2gMTHNV4Y/ry++jn5H9I:m5wZIL1TCEXjHwBawzxNnrG5j5G

Malware Config

Extracted

Family

redline

C2

185.196.9.26:6302

Targets

    • Target

      R B X 1 2 5/Roblox Executor.exe

    • Size

      610KB

    • MD5

      2744b07299dfa1999cff269ea72a2b80

    • SHA1

      8f1527af2b2b9f0134d834ab959902ac99b9783f

    • SHA256

      91791c26f8831977e9d0b64d25e4e699b6b4e8360377ce3bfec803c5683470ce

    • SHA512

      724d7154965865a626b5369afff7d911198d9d9bef728cde2680a0f09565520b69044d21bf063bce5246b52bdad5c46636dd1c1b73a1e0183272a9c1f27be3ab

    • SSDEEP

      12288:s/4LI3Kvjc6xh0J5P4bEPcL9XTWMsmNkBFV2KpkL9nI9rNtFamI3v6WZDtWdD+A5:4B3P6IR4bEPU

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks