General

  • Target: build.exe
  • Size: 1.0MB
  • Sample: 241010-1pcbasyblg
  • MD5: bed1f6aaf3f0c322f0de048e545eb27a
  • SHA1: 3aafcbbdc94dc190866010167800292eb4aea1e0
  • SHA256: bd84235f8afd545e6353a88bb869a2b630140df437f484e7bbe9803f60b044ba
  • SHA512: db709eadf1deb08426b4ab94f0f48f74bc02be5b281387151b411bff057a6eec5b1b1c3eed801177fa7259aea69066104f9ee40fe1d8d32a918671747d32a59a
  • SSDEEP: 12288:+MSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9VLcUzsigBNkfzj:+nsJ39LyjbJkQFMhmC+6GD9yUNgBNG

Malware Config

Extracted

  • Family: redline
  • Botnet: 1
  • C2: 50.114.242.2:1912

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v15

Tasks