General

  • Target

    e071a3625768f69ca1a294391a58184a.exe

  • Size

    660KB

  • Sample

    210221-pggfpg59za

  • MD5

    e071a3625768f69ca1a294391a58184a

  • SHA1

    88b49df41d5d5555758c660da1c013a03ebd06d3

  • SHA256

    ec51c1a42099d2ebcb00e68608346ac14013c57f5a87713f6ab41b17c305b537

  • SHA512

    be4ae33c033967e852cfdf5cb5e86683f6da86c8b01be9e7e72a258ec100aaf7661e5aff3575ceb1535b50abde352f187735dc7c021d8d0212f41b67979588f2

Malware Config

Targets

    • Target

      e071a3625768f69ca1a294391a58184a.exe

    • Size

      660KB

    • MD5

      e071a3625768f69ca1a294391a58184a

    • SHA1

      88b49df41d5d5555758c660da1c013a03ebd06d3

    • SHA256

      ec51c1a42099d2ebcb00e68608346ac14013c57f5a87713f6ab41b17c305b537

    • SHA512

      be4ae33c033967e852cfdf5cb5e86683f6da86c8b01be9e7e72a258ec100aaf7661e5aff3575ceb1535b50abde352f187735dc7c021d8d0212f41b67979588f2

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks