4bae4ff421105321fcf74ad7de0fa491.exe

General
Target

4bae4ff421105321fcf74ad7de0fa491.exe

Size

57KB

Sample

210421-qy9wa5s6he

Score
10 /10
MD5

4bae4ff421105321fcf74ad7de0fa491

SHA1

8a46ccda7d3f89e387f9546056472a43b5ab4f92

SHA256

ed8e738447c50b48d36529c45cbfeec80da8ba9f6792bce230f5d512126e54db

SHA512

d972f40e950fce49fb952990ce7a44530c5f2ff8461ff0b0f552ad599c80af1938ce2a4fc324702d1cc75fa8a139fbfa33ab9abffe762e0edcb97efd3c4dc422

Malware Config
Targets
Target

4bae4ff421105321fcf74ad7de0fa491.exe

MD5

4bae4ff421105321fcf74ad7de0fa491

Filesize

57KB

Score
10 /10
SHA1

8a46ccda7d3f89e387f9546056472a43b5ab4f92

SHA256

ed8e738447c50b48d36529c45cbfeec80da8ba9f6792bce230f5d512126e54db

SHA512

d972f40e950fce49fb952990ce7a44530c5f2ff8461ff0b0f552ad599c80af1938ce2a4fc324702d1cc75fa8a139fbfa33ab9abffe762e0edcb97efd3c4dc422

Tags

Signatures

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    Tags

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Accesses cryptocurrency files/wallets, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry
  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
      Discovery
      Execution
        Exfiltration
          Impact
            Initial Access
              Lateral Movement
                Persistence
                  Privilege Escalation