General

  • Target

    usfive_20210722-081943

  • Size

    233KB

  • Sample

    210722-6hv44abjsj

  • MD5

    be15a91a3cddd3a3ba758832d1e7a515

  • SHA1

    ce2bd92b5759a6481b6ff0be18643df2307e16f4

  • SHA256

    85468a1878e4cc6b61461ca9c5acfed71c58eb8307c278fe8a1657cc4d607f53

  • SHA512

    d2b0bc331ae2c3169e8913d34e43a2b745f0b4f9023263008c9a31809a60eb656b50990d5b4a9eaefa641abd9bd252d19c7785cc3910d3643c7ecbb7c7a1282f

Malware Config

Extracted

Family

redline

Botnet

lujo

C2

45.67.228.116:49859

Targets

    • Target

      usfive_20210722-081943

    • Size

      233KB

    • MD5

      be15a91a3cddd3a3ba758832d1e7a515

    • SHA1

      ce2bd92b5759a6481b6ff0be18643df2307e16f4

    • SHA256

      85468a1878e4cc6b61461ca9c5acfed71c58eb8307c278fe8a1657cc4d607f53

    • SHA512

      d2b0bc331ae2c3169e8913d34e43a2b745f0b4f9023263008c9a31809a60eb656b50990d5b4a9eaefa641abd9bd252d19c7785cc3910d3643c7ecbb7c7a1282f

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Tasks