General

  • Target

    file.exe

  • Size

    312KB

  • Sample

    240920-qlm9aayenj

  • MD5

    389881b424cf4d7ec66de13f01c7232a

  • SHA1

    d3bc5a793c1b8910e1ecc762b69b3866e4c5ba78

  • SHA256

    9d1211b3869ca43840b7da1677b257ad37521aab47719c6fcfe343121760b746

  • SHA512

    2b9517d5d9d972e8754a08863a29e3d3e3cfde58e20d433c85546c2298aad50ac8b069cafd5abb3c86e24263d662c6e1ea23c0745a2668dfd215ddbdfbd1ab96

  • SSDEEP

    6144:mmAUwI0Q3r6UBqC7e8O5rvH9MMoBfOWf6dX/mY9Row3:mmANIL3OUBqC7e15M/6d/Mw3

Malware Config

Extracted

Family

redline

Botnet

LiveTraffic

C2

95.179.250.45:26212

Targets

    • Target

      file.exe

    • Size

      312KB

    • MD5

      389881b424cf4d7ec66de13f01c7232a

    • SHA1

      d3bc5a793c1b8910e1ecc762b69b3866e4c5ba78

    • SHA256

      9d1211b3869ca43840b7da1677b257ad37521aab47719c6fcfe343121760b746

    • SHA512

      2b9517d5d9d972e8754a08863a29e3d3e3cfde58e20d433c85546c2298aad50ac8b069cafd5abb3c86e24263d662c6e1ea23c0745a2668dfd215ddbdfbd1ab96

    • SSDEEP

      6144:mmAUwI0Q3r6UBqC7e8O5rvH9MMoBfOWf6dX/mY9Row3:mmANIL3OUBqC7e15M/6d/Mw3

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks