General

  • Target

    ea1f6e59778bd5e45efb84a58cfaf630.exe

  • Size

    333KB

  • Sample

    210114-l4a9844hzs

  • MD5

    ea1f6e59778bd5e45efb84a58cfaf630

  • SHA1

    429691a0e54d4cb93bd0fab48aeac023b3e96e91

  • SHA256

    cfbdc8b5ae94b960fe50baf1fb78e5a9e5442b2cdb06bbc8233aefd3208fc663

  • SHA512

    831d8797e3faa1a00e640d0dd8caa8fc1becb67f09579da6b8d6e35dd894af9f783c9b3a84c9d4322898a938e3db9c6e5c1426cb900bab544da816328daf8ce2

Malware Config

Targets

    • Target

      ea1f6e59778bd5e45efb84a58cfaf630.exe

    • Size

      333KB

    • MD5

      ea1f6e59778bd5e45efb84a58cfaf630

    • SHA1

      429691a0e54d4cb93bd0fab48aeac023b3e96e91

    • SHA256

      cfbdc8b5ae94b960fe50baf1fb78e5a9e5442b2cdb06bbc8233aefd3208fc663

    • SHA512

      831d8797e3faa1a00e640d0dd8caa8fc1becb67f09579da6b8d6e35dd894af9f783c9b3a84c9d4322898a938e3db9c6e5c1426cb900bab544da816328daf8ce2

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Remote System Discovery

1
T1018

Collection

Data from Local System

1
T1005

Tasks