General

  • Target

    02701f8d91714c583decdd43635ff407.exe

  • Size

    302KB

  • Sample

    241216-k2rzhstlhz

  • MD5

    02701f8d91714c583decdd43635ff407

  • SHA1

    855b8eeffcd217735d1ba6395bbb6647140ecca4

  • SHA256

    41ba86941c72b5e160359e4b851251350958ca56e1d5aa897f0917eb51c5bd2e

  • SHA512

    42930c89943297413933857c8ceac9eec924ce3093fd78da8f75930abdda540407781caf2fe32d4e7019cbd20171485a9d6389b4c03b0600edbaac597577c599

  • SSDEEP

    6144:gJEAvoYumbeaLVA/HmH6iWmZx/M+VK0l//OBYJ0tYRVpG2DbY:DAvoYumb9VA/m9WmZxlVK0l/h/DbY

Malware Config

Extracted

  • Family

    redline

  • Botnet

    eewx

  • C2

    185.81.68.147:1912

Targets

    • Target

      02701f8d91714c583decdd43635ff407.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext
