General

  • Target: software (1717).zip
  • Size: 18.1MB
  • Sample: 241021-h8vymsvcle
  • MD5: 8542601101a3c2993654f98af20b29c4
  • SHA1: e467f452b9876d61eb2f41b223de871261733c56
  • SHA256: da052162ab06a4fae3b0b8010e72f2d7973608b8a965bc9612a84ce88b291981
  • SHA512: d36827edb0d7245268c97f0c04fc27453a4ad49278ddca7793759f59358386d3dd70b45e2d9563de182c5528d8cf6e1a719eda10bf0cc63050c6ae4264540f92
  • SSDEEP: 393216:5nh1E17jJMz8zUBuOc17QZVrQ/kN+g4Har099PE+/y5kjw265VEVk:5zEVXt17G5Q/IrE/85265wk

Malware Config

Extracted

  • Family: redline
  • Botnet: @verhsa
  • C2: 185.215.113.22:80

Targets

    • Target: wallet_finder.exe
    • Size: 313KB
    • MD5: 1c526e48990563961feefd31cdc1777c
    • SHA1: 7dccc1ec57f6ea948866a974344fe88a44f90886
    • SHA256: 5535cc5ca14c54717e12128b3152e57f1e5171dc094e6259e2e0f754f9026d8d
    • SHA512: 537afe67d7ee288e341d52ea22599bd8f258d9d6f402566ca8d08434a1974cf44e0b6a37003083b22a4a1151921a76b0cff424df30ed99238a41888d81a51870
    • SSDEEP: 6144:1bcsgYsLcP1Vosa9Z+amIFethWBIWteSze0ryzS1nI+N:hckrP1Vosa9Q5thWTXryzS1nI+
    • RedLine: RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Loads dropped DLL
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks