General

  • Target

    9e5662de4a9d33cc454e7f9a3a256cb69682061efcec80b952a4b1cb780a396bN.exe

  • Size

    1.5MB

  • Sample

    241216-m7d1ysxngz

  • MD5

    885ce6288fc5b8553f8c58693423f850

  • SHA1

    a46c0c6068b2b8bf94a71fce7c21a46a01c5c7c9

  • SHA256

    9e5662de4a9d33cc454e7f9a3a256cb69682061efcec80b952a4b1cb780a396b

  • SHA512

    26e76bb0f8859d392ff4f1d8dce373f110c274293ca3dfb8e4bd19ff05f9d2b327640f0696fd1cea270f88d1840b0746f411eecd82bed884da2642d3e0489034

  • SSDEEP

    24576:XAvoYumb9Vt9dzv5/TwSfVcYG3K/cJHlnFR+IGNe8j3Iz:qD5LNiXicJFFRGNzj3

Malware Config

  • Extracted

    • Family

      redline

    • Botnet

      eewx

    • C2

      185.81.68.147:1912

Targets

    • Target

      9e5662de4a9d33cc454e7f9a3a256cb69682061efcec80b952a4b1cb780a396bN.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks