General

  • Target: OpeًnMе.zip
  • Size: 57.4MB
  • Sample: 240930-hq9n3swcrf
  • MD5: 5e7692a27a15badbe3513d31976a2151
  • SHA1: 1381e5a5c6da879d28f68dffca8e11f991b91320
  • SHA256: 0b9497c2f81bdb66199a06ac5c5a6859d4ed457d459711ee719ad768b49868ae
  • SHA512: c71d54075aba823494583fe30b9da20c382e8300331cc5bdb813d1cf9eb221b7caf414b03d0d4be99fd5655a332cc3d5e1e496daf1f78a884353e762c83b8d09
  • SSDEEP: 1572864:0NLTO8mrwOfKWQPvmu85Gir/5O9pT7Vr8xM7/wac:iTOzUPv00SqOxMTwh

Malware Config

Extracted

  • Family: redline
  • C2: 185.196.9.26:6302

Targets

    • Target: Bootstrapper.exe
    • Size: 284KB
    • MD5: fa1c1fcc619721d1893c63202d50f8ba
    • SHA1: 767dc9467114561897c2bbf64f5ed277bc29ae10
    • SHA256: e35d3e27246802dedb9608a7a8bacf385282e66601b8a80ce3c703a5c234f934
    • SHA512: 9b46194bb04d094bed5ace8e46145877d4ddad85297861bc2a41e5a8ee094eb410641f8f3238e7bdd6d6289ab3dfbb4a542806579b1ac4f8630bcf9861c2f5bb
    • SSDEEP: 6144:wxUXj6jSRtoAHuIk5+XihRBD/u59nOik6midiUgxL:wxvjeH5k5yqPqTOb63iUgxL

    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks