General
Target

3D29B2A1A23B12A5134FBE8B17FE5BA0C87549E567123.exe

Size

1MB

Sample

210519-a8jqzs8sv2

Score
10/10
MD5

033e13c4aca370aeeb8031dbce7bf0b9

SHA1

406100cd169260cecdf31914d055b612f678b00e

SHA256

3d29b2a1a23b12a5134fbe8b17fe5ba0c87549e5671232eb9e842c2a55ad8f2b

SHA512

4aa49c6b70df63bb022b5c7fcd7aef985c503dd21f6994394a4360a98cba4f3283f2dd8e986d9bf23cfe94425286526fff0f5b296a71c364b7a3e05d639ad00f

Malware Config

Extracted

Family

redline

Botnet

EUMX

C2

tstamore.info:80

Extracted

Family

redline

Botnet

121212

C2

168.119.241.77:60932

Targets
Target

3D29B2A1A23B12A5134FBE8B17FE5BA0C87549E567123.exe

MD5

033e13c4aca370aeeb8031dbce7bf0b9

Filesize

1MB

Score
10/10
SHA1

406100cd169260cecdf31914d055b612f678b00e

SHA256

3d29b2a1a23b12a5134fbe8b17fe5ba0c87549e5671232eb9e842c2a55ad8f2b

SHA512

4aa49c6b70df63bb022b5c7fcd7aef985c503dd21f6994394a4360a98cba4f3283f2dd8e986d9bf23cfe94425286526fff0f5b296a71c364b7a3e05d639ad00f

Tags

Signatures

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    Tags

  • RedLine Payload

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Deletes itself

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files
  • Accesses cryptocurrency files/wallets, possible credential harvesting

    Tags

    TTPs

    Data from Local SystemCredentials in Files
  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry
  • Legitimate hosting services abused for malware hosting/C2

    TTPs

    Web Service
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Execution
      Exfiltration
        Impact
          Initial Access
            Lateral Movement
              Persistence
                Privilege Escalation
                  Tasks

                  static1

                  Score
                  N/A