General

  • Target

    4a55da3c91388a8ea539fc750b52dd90af5d2f33f2e7269a73c2146243ed24cd.exe

  • Size

    302KB

  • Sample

    241216-cpc1tsymfw

  • MD5

    da8fee4a89f0b7cee6c8aee970044116

  • SHA1

    226a6fbd66992a0f2ddbf5d7572fab2cf8f5001e

  • SHA256

    4a55da3c91388a8ea539fc750b52dd90af5d2f33f2e7269a73c2146243ed24cd

  • SHA512

    9174bd1c379ed76be342400949a1e431a6430297485fd9c48ed12c60e7de94817b75d645c4ebb17b3a79d66ba813c40c36527f912e927a8ec27e4668d9c09dd8

  • SSDEEP

    6144:CJqAvoYumbeaLVA/HmH6iWmZx/M+VK0lA/OBYJ0tYRVxG2PTY:3AvoYumb9VA/m9WmZxlVK0lAZ/PTY

Malware Config

Extracted

Family

redline

Botnet

eewx

C2

185.81.68.147:1912

Targets

    • Target

      4a55da3c91388a8ea539fc750b52dd90af5d2f33f2e7269a73c2146243ed24cd.exe

    • Size

      302KB

    • MD5

      da8fee4a89f0b7cee6c8aee970044116

    • SHA1

      226a6fbd66992a0f2ddbf5d7572fab2cf8f5001e

    • SHA256

      4a55da3c91388a8ea539fc750b52dd90af5d2f33f2e7269a73c2146243ed24cd

    • SHA512

      9174bd1c379ed76be342400949a1e431a6430297485fd9c48ed12c60e7de94817b75d645c4ebb17b3a79d66ba813c40c36527f912e927a8ec27e4668d9c09dd8

    • SSDEEP

      6144:CJqAvoYumbeaLVA/HmH6iWmZx/M+VK0lA/OBYJ0tYRVxG2PTY:3AvoYumb9VA/m9WmZxlVK0lAZ/PTY

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks