General

  • Target

    build630506.packed.exe

  • Size

    120KB

  • Sample

    250701-f8m7pasmt7

  • MD5

    d0fa0804683736f614948a96d40a546b

  • SHA1

    bcdf0b8eebf8943eb27a7f65aaabcdec5e8f3767

  • SHA256

    a389262059c72f322d20b0607cc4c503431d034024dbebd5aeb744091ee77782

  • SHA512

    4bade5dd011b1a4442eb999a34772e101d5b04bf4eb59526de76f2f7a6db20415cd383a177463a7acb28e864fe2df6b9553b59f54bf77130c9266b74471a2fc2

  • SSDEEP

    3072:edc3ISRtepLoTjZ45KRRaoq0mqiIRRwyGgmzoCWfq8Ipwyc:ecRtev6g1siORwyGgmWIi

Malware Config

Extracted

Family

redline

Botnet

630test506

C2

40.76.123.249:1912

Targets

    • Target

      build630506.packed.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v16

Tasks