General

  • Target

    2997292293c332e73b11fa28126b6fbefea75a6bb02001eb017de46797d4e4ecN.exe

  • Size

    301KB

  • Sample

    241216-h27nvszmcw

  • MD5

    dd1e3f38ae7711d270748012af613950

  • SHA1

    b3b90eec3507f523aa63802cc16e5248c8ef0ea8

  • SHA256

    2997292293c332e73b11fa28126b6fbefea75a6bb02001eb017de46797d4e4ec

  • SHA512

    0eff0cba972b6622fb59683fe4d15d1b6c1ef106166189f60dcd7b4c76b6ceb82fd5c71433dc61394f03eff03575f2be27dec6ac8ab064491710263879b11bca

  • SSDEEP

    6144:Y2J31coxDzgqSAy3/wLZRYa2dWSS8ySQIaTgHJ0tYRV4OeJiqbQ5rF4:71coxDzgxAKILIa2d1S8ySQIaTpjKrF4

Malware Config

Extracted

Family

redline

Botnet

eewx

C2

185.81.68.147:1912

Targets

    • Target

      2997292293c332e73b11fa28126b6fbefea75a6bb02001eb017de46797d4e4ecN.exe

    • Size

      301KB

    • MD5

      dd1e3f38ae7711d270748012af613950

    • SHA1

      b3b90eec3507f523aa63802cc16e5248c8ef0ea8

    • SHA256

      2997292293c332e73b11fa28126b6fbefea75a6bb02001eb017de46797d4e4ec

    • SHA512

      0eff0cba972b6622fb59683fe4d15d1b6c1ef106166189f60dcd7b4c76b6ceb82fd5c71433dc61394f03eff03575f2be27dec6ac8ab064491710263879b11bca

    • SSDEEP

      6144:Y2J31coxDzgqSAy3/wLZRYa2dWSS8ySQIaTgHJ0tYRV4OeJiqbQ5rF4:71coxDzgxAKILIa2d1S8ySQIaTpjKrF4

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks