63f1959b30ea4591bb0b2f5961b36850.exe

General

Target: 63f1959b30ea4591bb0b2f5961b36850.exe
Size: 321KB
Sample: 210722-rxxa3h5c6s
Score: 10/10
MD5: 63f1959b30ea4591bb0b2f5961b36850
SHA1: 26c0c9c14a48b61971d528c98906cb79c68936c4
SHA256: f6ae1e90093fda0271db6d607a78af61c437253c3edd42019daf274c5369b8cb
SHA512: 4d1de859652c321a2f14115debc049f2a17f8bd99b3a05e4c64edce40ca34f66930429478414645c7055d97c0822b67804998fe94e835db2aaeda1de836ee186

Malware Config

Extracted

Family: redline
Botnet: MIX 22.07
C2: 185.215.113.17:18597

Targets

Signatures

  • RedLine

    Description: RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine Payload

  • Reads user/profile data of web browsers

    Description: Infostealers often target stored browser data, which can include saved credentials etc.

    TTPs: Data from Local System; Credentials in Files

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    TTPs: Data from Local System; Credentials in Files

  • Checks installed software on the system

    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.

    TTPs: Query Registry

MITRE ATT&CK Matrix

Tactic columns: Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation