a9bbb6b83cc3d2aa7d25422179a82d7ecb2c84f41b6ad.exe

General

Target: a9bbb6b83cc3d2aa7d25422179a82d7ecb2c84f41b6ad.exe
Size: 406KB
Sample: 210611-lfzym53rns
Score: 10/10
MD5: 2b862c6350557bc32519e55f14a1e3a7
SHA1: 21b80c4e66a260cbf2d1b357e1300517f39d9619
SHA256: a9bbb6b83cc3d2aa7d25422179a82d7ecb2c84f41b6ad1067aa46883446900d9
SHA512: f866efc2641079ccb1ef89e1254935ba0bf80f26943442111af865468dae88f731b2f0884f75957496f3ae4576b97788d8a26efc3fff7bc13ad92251aa8a0356

Malware Config

Extracted

Family: redline
Botnet: test
C2: qurigoraka.xyz:80

The C2 is extracted as a hostname, not an IP, so detection should cover the DNS lookup of qurigoraka.xyz as well as the outbound TCP/80 connection; the resolved address can change without the sample changing.

Targets

Target: a9bbb6b83cc3d2aa7d25422179a82d7ecb2c84f41b6ad.exe
Filesize: 406KB
Score: 10/10
MD5: 2b862c6350557bc32519e55f14a1e3a7
SHA1: 21b80c4e66a260cbf2d1b357e1300517f39d9619
SHA256: a9bbb6b83cc3d2aa7d25422179a82d7ecb2c84f41b6ad1067aa46883446900d9
SHA512: f866efc2641079ccb1ef89e1254935ba0bf80f26943442111af865468dae88f731b2f0884f75957496f3ae4576b97788d8a26efc3fff7bc13ad92251aa8a0356

Signatures

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine Payload

  • Reads user/profile data of web browsers

    Description

    Infostealers target the browser's on-disk profile data, which holds saved credentials, cookies and autofill data.

    TTPs

    Data from Local System (T1005)
    Credentials in Files (T1552.001)

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    TTPs

    Data from Local System (T1005)
    Credentials in Files (T1552.001)

  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and the per-user/WOW6432Node equivalents) to enumerate software on the system.

    TTPs

    Query Registry (T1012)
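The signatures above describe behaviours (browser credential store reads, wallet file access, Uninstall-key enumeration) and the config gives one network indicator (qurigoraka.xyz:80). The following is an added example, not part of the sandbox report, of turning those into host-level detection logic and running it over constructed telemetry. The event schema (type/host/pid/path/key/dst_host/dst_port/sha256) is an assumption for the demo, not a real EDR or Sysmon format, and the specific browser and wallet file names matched are common stores chosen here, not names the report lists.

```python
"""Match endpoint telemetry against the behaviours in the RedLine report above.

Added example (not the sandbox's own logic). The event schema and the sample
events are constructed for this demo; the hash and C2 come from the report.
"""
import re
from collections import defaultdict
from typing import Dict, List

# Indicators copied from the report.
C2_HOST = "qurigoraka.xyz"
C2_PORT = 80
SAMPLE_SHA256 = "a9bbb6b83cc3d2aa7d25422179a82d7ecb2c84f41b6ad1067aa46883446900d9"

# Artefacts the report's signatures describe. The file names are common
# browser/wallet stores (assumption; the report does not list paths).
BROWSER_STORE_RE = re.compile(
    r"\\(Login Data|Web Data|Cookies|logins\.json|key4\.db)$", re.IGNORECASE)
WALLET_RE = re.compile(
    r"\\(wallet\.dat|Exodus|Electrum|Ethereum\\keystore)\b", re.IGNORECASE)
UNINSTALL_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)

# ATT&CK labels for each tag (technique IDs are my addition to the report).
ATTACK = {
    "browser_store": "T1005 / T1552.001",
    "wallet": "T1005 / T1552.001",
    "uninstall_key": "T1012",
    "c2": "Command and Control (redline, qurigoraka.xyz:80)",
    "known_hash": "SHA256 of the report sample",
}


def classify(ev: Dict[str, object]) -> List[str]:
    """Return the behaviour tags a single telemetry event triggers."""
    kind = ev.get("type")
    tags: List[str] = []
    if kind == "process" and str(ev.get("sha256", "")).lower() == SAMPLE_SHA256:
        tags.append("known_hash")
    elif kind == "file":
        path = str(ev.get("path", ""))
        if BROWSER_STORE_RE.search(path):
            tags.append("browser_store")
        if WALLET_RE.search(path):
            tags.append("wallet")
    elif kind == "registry" and UNINSTALL_KEY_RE.search(str(ev.get("key", ""))):
        tags.append("uninstall_key")
    elif kind == "network":
        if (str(ev.get("dst_host", "")).lower() == C2_HOST
                and int(ev.get("dst_port", 0)) == C2_PORT):
            tags.append("c2")
    return tags


def triage(events):
    """Aggregate tags per (host, pid) and decide which processes look like RedLine.

    Verdict rule (mine, not the sandbox's): C2 contact or the known hash is
    enough alone; otherwise require two distinct stealer behaviours so that a
    backup agent reading one wallet file does not fire on its own.
    """
    per_proc = defaultdict(set)
    for ev in events:
        for tag in classify(ev):
            per_proc[(ev["host"], ev["pid"])].add(tag)
    verdicts = {}
    for key, tags in per_proc.items():
        strong = bool(tags & {"c2", "known_hash"})
        behaviours = tags & {"browser_store", "wallet", "uninstall_key"}
        verdicts[key] = {
            "tags": sorted(tags),
            "attack": [ATTACK[t] for t in sorted(tags)],
            "redline": strong or len(behaviours) >= 2,
        }
    return verdicts


# Constructed sample telemetry (not taken from the report's sandbox run).
SAMPLE_EVENTS = [
    {"type": "process", "host": "ws01", "pid": 4120,
     "image": r"C:\Users\bob\Downloads\invoice.exe", "sha256": SAMPLE_SHA256},
    {"type": "registry", "host": "ws01", "pid": 4120,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"type": "file", "host": "ws01", "pid": 4120,
     "path": r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file", "host": "ws01", "pid": 4120,
     "path": r"C:\Users\bob\AppData\Roaming\Exodus\exodus.wallet"},
    {"type": "network", "host": "ws01", "pid": 4120,
     "dst_host": "qurigoraka.xyz", "dst_port": 80},
    # Benign process: a backup agent that touches only a wallet file.
    {"type": "file", "host": "ws01", "pid": 900,
     "path": r"C:\Users\bob\AppData\Roaming\Exodus\exodus.wallet"},
    {"type": "network", "host": "ws01", "pid": 900,
     "dst_host": "backup.example.com", "dst_port": 443},
]

if __name__ == "__main__":
    for (host, pid), v in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, pid, "REDLINE" if v["redline"] else "ok", v["tags"])
```

Run as-is it flags pid 4120 (all five tags) and leaves pid 900 alone. The two-behaviour threshold is the part to tune per environment; password managers and browser sync tools legitimately read Login Data, so a browser-store read without wallet or Uninstall-key activity should stay an enrichment, not an alert.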


MITRE ATT&CK Matrix

Tactic columns in the report's matrix: Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation.

Columns populated by the signatures above: Command and Control (extracted C2 qurigoraka.xyz:80), Credential Access (Credentials in Files, T1552.001) and Discovery (Query Registry, T1012); Data from Local System (T1005) falls under Collection, which this matrix does not show as a column.