General

  • Target

    52DC68A421F73D788C6ECB3F7CD33123.exe

  • Size

    198KB

  • Sample

    210506-gvk4jpwxts

  • MD5

    52dc68a421f73d788c6ecb3f7cd33123

  • SHA1

    f68112e7002657297eded7116b4c446a2e4a8305

  • SHA256

    b35472ac451e4923a094af8eaa687656c1f6576f7655655c877e98c0fa9c7709

  • SHA512

    4ec5a78e91321c760847e22284e4e60f105a62d789a018dbe77b8bd966ebde653b5b5d079bfbe2e17db347e39ce6189e36b1caa68499d4d998b426f168d9fa13

Malware Config

Extracted

Family

redline

Botnet

Phoenix2

C2

3.120.134.248:65368

Targets

    • Target

      52DC68A421F73D788C6ECB3F7CD33123.exe

    • Size

      198KB

    • MD5

      52dc68a421f73d788c6ecb3f7cd33123

    • SHA1

      f68112e7002657297eded7116b4c446a2e4a8305

    • SHA256

      b35472ac451e4923a094af8eaa687656c1f6576f7655655c877e98c0fa9c7709

    • SHA512

      4ec5a78e91321c760847e22284e4e60f105a62d789a018dbe77b8bd966ebde653b5b5d079bfbe2e17db347e39ce6189e36b1caa68499d4d998b426f168d9fa13

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Tasks