General

  • Target

    df4b40ac854ceef5992b98fa1f733532.exe

  • Size

    264KB

  • Sample

    210731-mhybp55ekj

  • MD5

    df4b40ac854ceef5992b98fa1f733532

  • SHA1

    783a0508e0596e711929da174926b32aaee16ad2

  • SHA256

    0344c20e70f91bc71b10fb60f5043bc07f238d1439b277fec325b3cc10c19668

  • SHA512

    f765832164f8453548f33abf7c58d11b7651955a779824099800aca41b0a7360258eb184b6a118b5b838f909b83e652d6efe53cc38cc53f0ea21c7ccd28bf7da

Malware Config

Extracted

Family

redline

Botnet

3

C2

213.166.68.170:16810

Targets

    • Target

      df4b40ac854ceef5992b98fa1f733532.exe

    • Size

      264KB

    • MD5

      df4b40ac854ceef5992b98fa1f733532

    • SHA1

      783a0508e0596e711929da174926b32aaee16ad2

    • SHA256

      0344c20e70f91bc71b10fb60f5043bc07f238d1439b277fec325b3cc10c19668

    • SHA512

      f765832164f8453548f33abf7c58d11b7651955a779824099800aca41b0a7360258eb184b6a118b5b838f909b83e652d6efe53cc38cc53f0ea21c7ccd28bf7da

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Downloads MZ/PE file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Tasks