General

  • Target

    SHIPPINGIN PL BT PDF.exe

  • Size

    384KB

  • Sample

    241210-mq39hstlc1

  • MD5

    af1b027971dc2ef0d2382c3250fd70b1

  • SHA1

    eb8c51b0c7c4d39f33b156d810927614fcc02250

  • SHA256

    d478d3c502b2bd866c958b8e075f03e5d754ef48db447c85b9ea795342ed3619

  • SHA512

    265e967f751736ccaefa5caba0ec8b1cd8a5e92e253f161c58d79a0b1fa1da77d9607c7249fa3c958cef3599bdc5009c8cdb72d27a5404c40eb4cfe2d4dab221

  • SSDEEP

    6144:Sek9LD+zqyEE7XDsrRSq/Hj+h6OTqdxQh68Aqt6u7sFVsTuDXE:KewrRmOAfNtP7sPsTuDXE

Malware Config

Extracted

  • Family

    redline

  • Botnet

    sheetred1

  • C2

    77.90.185.55:1912

Targets

    • Target

      SHIPPINGIN PL BT PDF.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks