General

  • Target

    file.exe

  • Size

    95KB

  • Sample

    240924-y95ggaxbnc

  • MD5

    14bd964c6e45ac40d474f56d03cb98ce

  • SHA1

    69293148466e1e9701829382a0d60dbab8c7e34c

  • SHA256

    98f576bf9c2b7f7cc2f174d5f4793f0faecf424ba89e6c3ef97fb40deec0e575

  • SHA512

    70eef9d6b8b35aaea37fc5517b0af3b04def62695f1d5026ec1453d222663181bfd067d752b82961447bf9128424a75ba94229810be612f0dd86a4ad8273b983

  • SSDEEP

    1536:iqs+NqBUlbG6jejoigIk43Ywzi0Zb78ivombfexv0ujXyyed2ptmulgS6p4:AuCMYk+zi0ZbYe1g0ujyzdp4

Malware Config

Extracted

  • Family

    redline

  • Botnet

    www.exodusmirrors.com

  • C2

    91.92.251.170:1334
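An added example (not part of the sandbox report, and not RedLine or SectopRAT code) that turns the extracted config and the hashes above into a hunting check: it hashes a file's bytes and compares against the listed MD5/SHA1/SHA256, and scans firewall and DNS log lines for the C2 address and port and for the Botnet value. The key=value log format, the function names and the log lines are all constructed for this example. The report shows the Botnet value only as RedLine's build/campaign label, which happens to look like a hostname; nothing on the page shows it being resolved, so a DNS hit on it is scored low confidence.

```python
"""Hunt for the RedLine indicators listed above in local artifacts.

Added example: standard-library only, with a constructed log format.
"""
import hashlib
import re
from typing import Iterable

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "14bd964c6e45ac40d474f56d03cb98ce",
    "sha1": "69293148466e1e9701829382a0d60dbab8c7e34c",
    "sha256": "98f576bf9c2b7f7cc2f174d5f4793f0faecf424ba89e6c3ef97fb40deec0e575",
}
C2_HOST = "91.92.251.170"
C2_PORT = 1334
BOTNET_ID = "www.exodusmirrors.com"  # RedLine build/campaign label, not a confirmed contact

# Assumed log format for this example: space-separated key=value pairs.
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_kv(line: str) -> dict:
    """Split a key=value log line into a dict (last duplicate key wins)."""
    return dict(KV_RE.findall(line))


def hash_bytes(data: bytes) -> dict:
    """Compute every digest the report lists, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def matched_hashes(data: bytes) -> set:
    """Names of the report's hashes that this file matches; empty means not the sample."""
    digests = hash_bytes(data)
    return {name for name, value in IOC_HASHES.items() if digests[name] == value}


def scan_network_log(lines: Iterable[str]) -> list:
    """Flag lines that touch the C2 or the botnet label, with a confidence score."""
    hits = []
    for line in lines:
        f = parse_kv(line)
        if f.get("dst") == C2_HOST and f.get("dport") == str(C2_PORT):
            hits.append({"ioc": "c2", "confidence": "high", "line": line})
        elif f.get("dst") == C2_HOST:
            # Same host, different port: likely the same infrastructure, worth a look.
            hits.append({"ioc": "c2_host", "confidence": "medium", "line": line})
        elif f.get("query") == BOTNET_ID:
            # The report lists this only as the Botnet label; no resolution is shown.
            hits.append({"ioc": "botnet_id", "confidence": "low", "line": line})
    return hits


# Constructed sample log lines (not from the report); 203.0.113.0/24 is a documentation range.
SAMPLE_LOG = [
    "ts=2024-09-24T10:01:02Z src=10.0.0.15 dst=203.0.113.10 dport=443 proto=tcp",
    "ts=2024-09-24T10:01:07Z src=10.0.0.15 dst=91.92.251.170 dport=1334 proto=tcp",
    "ts=2024-09-24T10:01:09Z src=10.0.0.15 query=www.exodusmirrors.com rcode=NXDOMAIN",
    "ts=2024-09-24T10:02:30Z src=10.0.0.22 dst=91.92.251.170 dport=80 proto=tcp",
]


def hunt_file(path: str) -> set:
    """Hash a file on disk and report which of the listed digests it matches."""
    with open(path, "rb") as fh:
        return matched_hashes(fh.read())


if __name__ == "__main__":
    for hit in scan_network_log(SAMPLE_LOG):
        print(f"[{hit['confidence']}] {hit['ioc']}: {hit['line']}")
```

Exact hashes only catch this exact build; the SSDEEP value above is the one to use for finding repacked or slightly modified builds, which needs the ssdeep Python bindings and is left out here to keep the example standard-library only.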

Targets

    • Target

      file.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • SectopRAT

      SectopRAT is a remote access trojan first seen in November 2019.

    • SectopRAT payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
