General

  • Target

    b33bc799128d0e630270f09393c5f4dae1867782fbde2.exe

  • Size

    262KB

  • Sample

    210731-kly12vyaqs

  • MD5

    b7db02446d1f0cc21a2259227b021313

  • SHA1

    77099382728356ad71d80226c90754a75e29fb06

  • SHA256

    b33bc799128d0e630270f09393c5f4dae1867782fbde21db3d7f6d5f945625d2

  • SHA512

    10ab722f5369e22357530ab73e6416e4ed616ffd5c29ea3f520b5830bd316e5ec9689c588ba95288dc09a0cc4c840c6abeb2c84823839606dc029a9f6d0c94e0

Malware Config

Extracted

Family

redline

Botnet

youngboy

C2

176.57.69.178:59510

Targets

    • Target

      b33bc799128d0e630270f09393c5f4dae1867782fbde2.exe

    • Size

      262KB

    • MD5

      b7db02446d1f0cc21a2259227b021313

    • SHA1

      77099382728356ad71d80226c90754a75e29fb06

    • SHA256

      b33bc799128d0e630270f09393c5f4dae1867782fbde21db3d7f6d5f945625d2

    • SHA512

      10ab722f5369e22357530ab73e6416e4ed616ffd5c29ea3f520b5830bd316e5ec9689c588ba95288dc09a0cc4c840c6abeb2c84823839606dc029a9f6d0c94e0

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Tasks