General

  • Target

    206a2568e014f2f52c5f6aa16bb47f81.exe

  • Size

    1.5MB

  • Sample

    210117-ww4ms9kaxs

  • MD5

    206a2568e014f2f52c5f6aa16bb47f81

  • SHA1

    500a475682cf18481138fe7696447a116001eabc

  • SHA256

    e846c73b8c02eb9abc0e42d17bb3f3b501e6c4a327d3308b2d16cffa7a813638

  • SHA512

    73de7348574b4c2ae313729cd37d7e215a74112d810800ad3141de3fa43ffc985f7fd92b50fb57984731130e4a45405ce726c86913008857398377266c886244

Malware Config

Targets

    • Target

      206a2568e014f2f52c5f6aa16bb47f81.exe

    • Size

      1.5MB

    • MD5

      206a2568e014f2f52c5f6aa16bb47f81

    • SHA1

      500a475682cf18481138fe7696447a116001eabc

    • SHA256

      e846c73b8c02eb9abc0e42d17bb3f3b501e6c4a327d3308b2d16cffa7a813638

    • SHA512

      73de7348574b4c2ae313729cd37d7e215a74112d810800ad3141de3fa43ffc985f7fd92b50fb57984731130e4a45405ce726c86913008857398377266c886244

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks