General

  • Target

    695b6d5d28e63cc18c2eddbff4b49c4e4ae22e8c4fe2a1c95449c5423a458d36.exe

  • Size

    305KB

  • Sample

    241219-cm7gnatkcr

  • MD5

    5c7855655e383cbece176af24670d919

  • SHA1

    655f0da6d7cd060a8998bd332fb6014893baeb2a

  • SHA256

    695b6d5d28e63cc18c2eddbff4b49c4e4ae22e8c4fe2a1c95449c5423a458d36

  • SHA512

    fb77b0b2e1e11f90df7725e93d8516325f682953c7c22fbbc9786b5b2b5131952f6f9c8f7354078af45ecd53ee84a5c2c988637ad5540b95c91e1d0f94a1f108

  • SSDEEP

    6144:RJRGyoPwcMZAwSYQ1rL4OgbDetMfhiRdsLoOJ0tYRVlOPAKePNO4:dGyoPwcMZhnQ1rL4OKDeohi3sLo7WY4

Malware Config

Extracted

Family

redline

Botnet

eewx

C2

185.81.68.147:1912

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks