General

  • Target

    build.exe

  • Size

    95KB

  • Sample

    240821-nk5e3azbmm

  • MD5

    695a3ba7607dc944460df384ede6b99c

  • SHA1

    6d13f5ab403c28bd01dbce6bb3306adcc85155cd

  • SHA256

    b1d455f726de74f908592365bb3a848cf29b6f8bf575d783d69d46bb996f6d24

  • SHA512

    555aa30eff75c3fdd8a5e95ba6d26b6759762b953c3bf174f17c28bbc28cf2891b11acbdab1da0f3dc7c6b08f6f113e115158bf7504a6d57adf6bc34590d1007

  • SSDEEP

    1536:1qskfq+TmlbG6jejoigI/43Ywzi0Zb78ivombfexv0ujXyyed2LtmulgS6pg:z6taY/+zi0ZbYe1g0ujyzdDg

Malware Config

Extracted

Family

redline

Botnet

cs

C2

194.49.68.19:4483

Targets

    • Target

      build.exe

    • Size

      95KB

    • MD5

      695a3ba7607dc944460df384ede6b99c

    • SHA1

      6d13f5ab403c28bd01dbce6bb3306adcc85155cd

    • SHA256

      b1d455f726de74f908592365bb3a848cf29b6f8bf575d783d69d46bb996f6d24

    • SHA512

      555aa30eff75c3fdd8a5e95ba6d26b6759762b953c3bf174f17c28bbc28cf2891b11acbdab1da0f3dc7c6b08f6f113e115158bf7504a6d57adf6bc34590d1007

    • SSDEEP

      1536:1qskfq+TmlbG6jejoigI/43Ywzi0Zb78ivombfexv0ujXyyed2LtmulgS6pg:z6taY/+zi0ZbYe1g0ujyzdDg

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks