8f6c7a779aad2fcebfde67b679378445

General

Target: 8f6c7a779aad2fcebfde67b679378445
Size: 3MB
Sample: 210915-hkr7vaaab3
Score: 10/10
MD5: 8f6c7a779aad2fcebfde67b679378445
SHA1: c2861843b930684f3c15b779e1027ffffe96bcc7
SHA256: 7feb71e0bcd24d21e20f423434b4c9971c174c9e1aafedab36e2ecab1ff3a5bf
SHA512: cbc525092ac6ec65b64944a1708ff102d2019acbf10ad3739a99cd8bb4892f601535028304e957b10fbae19f2d96d9c2f416cc6c79051d4efe651bc03f78fc34

Malware Config

Extracted

Family: redline
Botnet: Orix1
C2: 92.222.145.236:60837

Signatures

  • RedLine
    Description: RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine Payload

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials, among other data.
    TTPs: Data from Local System; Credentials in Files

  • Accesses cryptocurrency files/wallets, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files

  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
    TTPs: Query Registry

  • Legitimate hosting services abused for malware hosting/C2
    TTPs: Web Service

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation