General

  • Target

    dfaebbaaebaedec.exe

  • Size

    480KB

  • Sample

    250630-tfnjmssrw2

  • MD5

    7c5490c346d9bdc918ea16efdccad257

  • SHA1

    cbd673d366f5f5dc7bdb8327691d1acb8b147349

  • SHA256

    2ec91258dd18a298cb4e7cf2c13af556296b7c63d2a67b59ffecf61af88a31a9

  • SHA512

    c317423c46941b3d933b6bb6363aac0fb54ec9fc62f615698ec0717c47bceb6d3d99efd230308f8adc0bb75c2c6c33a08c0792935e80ba8cb1eabe207884a2e6

  • SSDEEP

    12288:XdqT7v2AuDoE2PlipXqfxuZxKZ+Zj5A4Y+L4:XdqT7v29oE2PwhgxV+Lsy4

Malware Config

Extracted

  • Family

    redline

  • Botnet

    vv

  • C2

    185.156.72.89:1912

Targets

    • Target

      dfaebbaaebaedec.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive account data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v16

Tasks