General

  • Target

    cec85b96bff70ce97cd617c02f61ba7a51066e29973200fb66ce56ad4a8462ec

  • Size

    317KB

  • Sample

    210919-r7k7gsegbp

  • MD5

    3d2efc44642922d224c3856d69822a4d

  • SHA1

    acc34102a181dfbee7a037091a9ef5ab0b7cd827

  • SHA256

    cec85b96bff70ce97cd617c02f61ba7a51066e29973200fb66ce56ad4a8462ec

  • SHA512

    474f0d82e3a71f828cddc6fa107e090a4237a28af246a217d27eaa96d6c98c666a2f139a9eb5f6517147dfd590f2109125d85df308169db54df8630c9be14c48

Malware Config

Extracted

  • Family

    redline

  • Botnet

    UDP

  • C2

    45.9.20.20:13441

Targets

    • Target

      cec85b96bff70ce97cd617c02f61ba7a51066e29973200fb66ce56ad4a8462ec

    • Size

      317KB

    • MD5

      3d2efc44642922d224c3856d69822a4d

    • SHA1

      acc34102a181dfbee7a037091a9ef5ab0b7cd827

    • SHA256

      cec85b96bff70ce97cd617c02f61ba7a51066e29973200fb66ce56ad4a8462ec

    • SHA512

      474f0d82e3a71f828cddc6fa107e090a4237a28af246a217d27eaa96d6c98c666a2f139a9eb5f6517147dfd590f2109125d85df308169db54df8630c9be14c48

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks