General

  • Target: devًexec.zip
  • Size: 57.4MB
  • Sample: 240929-m7bwlavdrc
  • MD5: c05b7d9d580d38dbdcd621c982c57357
  • SHA1: 3d5650f018436d67b2a52da38e7828bbf4a020f8
  • SHA256: 8c6b5434123f98046508c84022b07393cffd6749270f69e6432bbf184b08d4a6
  • SHA512: 3e80dd55fb650cfc9c1925de0f00194b8a77ee7287036b16b7ef51a316c1cb4f14d250577b24047d20901a371df0a76becd51d4a5e0b338b7e2f51141540a4ef
  • SSDEEP: 1572864:oIL+InvQwN3GEgFg0md2IfEJZZoXmJWK0Vms7KxC/CsPb:f+iYwJCFgPdNqZZoXmJWK0V5l

Malware Config

Extracted

  • Family: redline
  • C2: 185.196.9.26:6302

Targets

    • Target: Bootstrapper 1.07.exe
    • Size: 310KB
    • MD5: 66e2659120cbf66a1d60e63e76c941d6
    • SHA1: d38f3933adb3e70a4f4878fd9388d1f6941981dc
    • SHA256: 816b9928538d75d5eabc68327879e3e205bfe820495a20fa06696865282be378
    • SHA512: 734271b93cbac615b2b8811c2848bbb5b8818414292e5f8261c45ee54dd3f1310002441193e76c83b686ca16be09cc1b0a3d948533ac1b6a23568cfe5018c8c2
    • SSDEEP: 6144:T6hThwAw9HYOzx6BsO/HxISYVFOFM5gdrOpCubFQEXYYSjxSHZbk:T+tmHYuO/RxYy650OpCaF8YSlSHZbk

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks