General

  • Target

    4bae4ff421105321fcf74ad7de0fa491.exe

  • Size

    57KB

  • Sample

    210421-qy9wa5s6he

  • MD5

    4bae4ff421105321fcf74ad7de0fa491

  • SHA1

    8a46ccda7d3f89e387f9546056472a43b5ab4f92

  • SHA256

    ed8e738447c50b48d36529c45cbfeec80da8ba9f6792bce230f5d512126e54db

  • SHA512

    d972f40e950fce49fb952990ce7a44530c5f2ff8461ff0b0f552ad599c80af1938ce2a4fc324702d1cc75fa8a139fbfa33ab9abffe762e0edcb97efd3c4dc422

Malware Config

Targets

    • Target

      4bae4ff421105321fcf74ad7de0fa491.exe

    • Size

      57KB

    • MD5

      4bae4ff421105321fcf74ad7de0fa491

    • SHA1

      8a46ccda7d3f89e387f9546056472a43b5ab4f92

    • SHA256

      ed8e738447c50b48d36529c45cbfeec80da8ba9f6792bce230f5d512126e54db

    • SHA512

      d972f40e950fce49fb952990ce7a44530c5f2ff8461ff0b0f552ad599c80af1938ce2a4fc324702d1cc75fa8a139fbfa33ab9abffe762e0edcb97efd3c4dc422

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Tasks