General

  • Target

    319bc85c37456c6d019954ed188e67101898019f101d24a0b22abb757ba7c02d

  • Size

    318KB

  • Sample

    210919-qed22aefgl

  • MD5

    302160df32351cbfdb25d7de735b0b78

  • SHA1

    45de3cd046ecaf384f22afb4c5cfe9650868e9f5

  • SHA256

    319bc85c37456c6d019954ed188e67101898019f101d24a0b22abb757ba7c02d

  • SHA512

    4665ceefe501f4a6d4e56cc21073182faeb7b52f57163afcbda28c2eb08992cc298b3a2103eb751f02539f7b7481fb221e6bbe1d8e39f9296d8e3f94e391cb12

Malware Config

Extracted

  • Family

    redline

  • Botnet

    UDP

  • C2

    45.9.20.20:13441

Targets

    • Target

      319bc85c37456c6d019954ed188e67101898019f101d24a0b22abb757ba7c02d

    • Size

      318KB

    • MD5

      302160df32351cbfdb25d7de735b0b78

    • SHA1

      45de3cd046ecaf384f22afb4c5cfe9650868e9f5

    • SHA256

      319bc85c37456c6d019954ed188e67101898019f101d24a0b22abb757ba7c02d

    • SHA512

      4665ceefe501f4a6d4e56cc21073182faeb7b52f57163afcbda28c2eb08992cc298b3a2103eb751f02539f7b7481fb221e6bbe1d8e39f9296d8e3f94e391cb12

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks