General

  • Target

    299dc3bb613a10e1a2d96c3e49d62d42145b1a48fbd6a087da6cc56661e82546

  • Size

    363KB

  • Sample

    210807-z7n2xqgppa

  • MD5

    e82ce292a4c410c44c1f4da25d02a167

  • SHA1

    61d4f9a1ea9457e667006bb8c8911c91ab00c487

  • SHA256

    299dc3bb613a10e1a2d96c3e49d62d42145b1a48fbd6a087da6cc56661e82546

  • SHA512

    0bc579f87ed5466d30466ae10df8378417c1d8424a867bc488faf09558967ca592846148b8ea77b7c6a729e5c754cd4d77b9f23346b0669906467a0d487a3971

Malware Config

Extracted

Family

redline

Botnet

test1

C2

185.215.113.63:23098

Targets

    • Target

      299dc3bb613a10e1a2d96c3e49d62d42145b1a48fbd6a087da6cc56661e82546

    • Size

      363KB

    • MD5

      e82ce292a4c410c44c1f4da25d02a167

    • SHA1

      61d4f9a1ea9457e667006bb8c8911c91ab00c487

    • SHA256

      299dc3bb613a10e1a2d96c3e49d62d42145b1a48fbd6a087da6cc56661e82546

    • SHA512

      0bc579f87ed5466d30466ae10df8378417c1d8424a867bc488faf09558967ca592846148b8ea77b7c6a729e5c754cd4d77b9f23346b0669906467a0d487a3971

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Tasks