General

  • Target

    59937dcf0b5de444bccc568fe7a66262203b7af7cfbc5eb35e1d5530fca56867

  • Size

    9KB

  • Sample

    241113-pfevaa1hlh

  • MD5

    48cadb488b71589cb626e4fbfb084deb

  • SHA1

    44f36d618ce18ec81d49f820d4552fe038f0e141

  • SHA256

    59937dcf0b5de444bccc568fe7a66262203b7af7cfbc5eb35e1d5530fca56867

  • SHA512

    31e85d6ac569fced5cf2d66c20c6a9d05c0a208c573005bd4597bad31f1f6d2aa63bcbc03cf169280c04952a5ee59c5b14e9e9b45592334310f52bcc5fc7c134

  • SSDEEP

    192:YFqPom6B+9T9DLD9VpD2pE8stYcFwVc03KY:kqPz6B+9T1X9VIpEptYcFwVc03K

Malware Config

Targets

    • Target

      59937dcf0b5de444bccc568fe7a66262203b7af7cfbc5eb35e1d5530fca56867

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes so that dropped payloads are not scanned.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext
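
The Defender-exclusion behaviour flagged above is easy to triage from endpoint logs. The following is an added example written for this page, not code from the sample or from the sandbox vendor: it scans process command lines (as Sysmon event 1 or Security event 4688 would record them) for Add-MpPreference / Set-MpPreference calls that carry an -Exclusion* parameter, decodes a base64 UTF-16LE -EncodedCommand payload first so the check is not bypassed by encoding, and tolerates PowerShell's parameter-prefix abbreviation (e.g. -ExclusionE for -ExclusionExtension). The sample log lines are constructed for the demonstration and are not taken from this sample's execution.

```python
import base64
import re
from typing import Optional

# Constructed sample command lines for the demonstration (not from the analysed sample).
SAMPLE_CMDLINES = [
    # Plain-text exclusion of a path, an extension and a process in one call.
    'powershell.exe -nop -w hidden -c "Add-MpPreference -ExclusionPath C:\\Users\\Public '
    '-ExclusionExtension exe -ExclusionProcess svchost.exe"',
    # Same intent, but encoded (UTF-16LE base64) and using an abbreviated parameter name.
    "powershell.exe -e "
    + base64.b64encode("Set-MpPreference -ExclusionE exe".encode("utf-16-le")).decode(),
    # Benign: only reads the current preferences.
    'powershell.exe -c "Get-MpPreference | Select-Object ExclusionPath"',
]

# Cmdlets that change Defender preferences (Get-MpPreference is read-only and is ignored).
CMDLET_RE = re.compile(r"(?i)\b(Add|Set)-MpPreference\b")
# Any parameter beginning with -Exclusion; the prefix is resolved in _canonical().
PARAM_RE = re.compile(r"(?i)-Exclusion([A-Za-z]*)")
# powershell.exe accepts -e, -ec, -enc, ..., -EncodedCommand followed by base64.
ENCODED_RE = re.compile(r"(?i)(?:^|\s)-e(?:c|n[a-z]*)?\s+([A-Za-z0-9+/=]{8,})")


def _canonical(prefix: str) -> Optional[str]:
    """Map an (possibly abbreviated) -Exclusion* parameter to its full name.

    Set-MpPreference has ExclusionPath, ExclusionProcess, ExclusionExtension and
    ExclusionIpAddress; only the first three matter for this signature.
    """
    p = prefix.lower()
    if p.startswith("pa"):
        return "ExclusionPath"
    if p.startswith("pr"):
        return "ExclusionProcess"
    if p.startswith("e"):
        return "ExclusionExtension"
    return None  # ExclusionIpAddress, or an ambiguous prefix such as -ExclusionP


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the decoded -EncodedCommand script if the command line carries one."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None  # not a valid encoded command; fall back to the raw line


def analyse(cmdline: str) -> dict:
    """Classify one command line; 'suspicious' means a preference-changing
    cmdlet is combined with at least one exclusion parameter."""
    decoded = decode_encoded_command(cmdline)
    # Scan both the raw line and the decoded script so nothing is missed.
    text = cmdline + ("\n" + decoded if decoded is not None else "")
    cmdlet = CMDLET_RE.search(text)
    exclusions = [
        name for name in (_canonical(m.group(1)) for m in PARAM_RE.finditer(text)) if name
    ]
    return {
        "encoded": decoded is not None,
        "cmdlet": f"{cmdlet.group(1)}-MpPreference" if cmdlet else None,
        "exclusions": exclusions,
        "suspicious": bool(cmdlet and exclusions),
    }


def scan(cmdlines=SAMPLE_CMDLINES) -> list:
    """Run analyse() over a batch of command lines and return the results."""
    return [analyse(c) for c in cmdlines]


if __name__ == "__main__":
    for line, result in zip(SAMPLE_CMDLINES, scan()):
        print(("SUSPICIOUS " if result["suspicious"] else "ok         ") + line[:60], result)
```

Script-block logging (PowerShell event 4104) is the better source where it is enabled, because the script text is already decoded there; the encoded-command handling above is for environments where only process-creation telemetry is available.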

MITRE ATT&CK Enterprise v15

Tasks