General

  • Target: o3version.packed.exe
  • Size: 120KB
  • Sample: 250701-gan7rssmw4
  • MD5: 9d53ca91285f0646fd4fd1e93bf321be
  • SHA1: b57451e8b0e3f685d28825910f4b77aca5598ee5
  • SHA256: b44e63990f2a573889b98de81e916ebf9bbb219877efb321c9be8375bb877061
  • SHA512: 089e519424141dd55b362b83ac889c2f8d3e4b6168cc5ee1a7b1ffab987946d4c936d139ae9169a6b94fae5a38a1a1597df02c13de7df3e58dfb04a846878f2e
  • SSDEEP: 3072:RPHptHOxd/VAqAvAVI8FmVoK8o6/ZcSGf:AtGL9VxZ6/Zcxf

Malware Config (Extracted)

  • Family: redline
  • Botnet: o3version
  • C2: 40.76.123.249:1912

Targets

    • Target: o3version.packed.exe
    • Size: 120KB
    • MD5: 9d53ca91285f0646fd4fd1e93bf321be
    • SHA1: b57451e8b0e3f685d28825910f4b77aca5598ee5
    • SHA256: b44e63990f2a573889b98de81e916ebf9bbb219877efb321c9be8375bb877061
    • SHA512: 089e519424141dd55b362b83ac889c2f8d3e4b6168cc5ee1a7b1ffab987946d4c936d139ae9169a6b94fae5a38a1a1597df02c13de7df3e58dfb04a846878f2e
    • SSDEEP: 3072:RPHptHOxd/VAqAvAVI8FmVoK8o6/ZcSGf:AtGL9VxZ6/Zcxf

  Signatures

    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Redline family
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v16

Tasks