fca06c8d2fff93f7f8b0e272954cc99f363c32fe8169e95bb06d885e3697615e

General

Target: fca06c8d2fff93f7f8b0e272954cc99f363c32fe8169e95bb06d885e3697615e
Size: 570KB
Sample: 210915-hs8vkaaad9
Score: 10/10
MD5: d96bdb26efa2d431ce5f054e81771d5f
SHA1: 308d3427887954e2adc04e5e7326c9ca8107c3a7
SHA256: fca06c8d2fff93f7f8b0e272954cc99f363c32fe8169e95bb06d885e3697615e
SHA512: 248c4f5e4651d9c3f24fc4aa9f04108d7d8c6bf928914014ea37b756b76bfb62eab4b39354d906827852f848c8d884b3c8dc153054867e1fd3109d1c4df315cc

Malware Config

Extracted

Family: redline
Botnet: mix15.09
C2: 185.215.113.15:6043

Targets
Signatures

  • RedLine
    Description: RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine Payload

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials and other sensitive data.
    TTPs: Data from Local System; Credentials in Files

  • Accesses cryptocurrency files/wallets, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files

  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
    TTPs: Query Registry

  • Legitimate hosting services abused for malware hosting/C2
    TTPs: Web Service
