General

  • Target

    33bb7d8584f1353b048c0227977e9531a4125188a960babbc2a26307ca158275

  • Size

    318KB

  • Sample

    210919-s9ye9scbd4

  • MD5

    4a93f552d9a2747b134be963c4d1b044

  • SHA1

    7b96e56bc6b7df56ac4d0cda72dbc2d9be65f0e4

  • SHA256

    33bb7d8584f1353b048c0227977e9531a4125188a960babbc2a26307ca158275

  • SHA512

    d10962a7c0027ca5dafda2e9ebc236b04284c4542f65e3cea9ec423b29012ed7fc111579e73f0b46d6e3be0ed020dc23c784c5f281abcf02071cfd904fdf1ab5

Malware Config

Extracted

Family

redline

Botnet

UDP (the botnet/campaign identifier carried in the extracted configuration, not a transport protocol)

C2

45.9.20.20:13441

Targets

    • Target

      33bb7d8584f1353b048c0227977e9531a4125188a960babbc2a26307ca158275

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers routinely harvest stored browser data: saved credentials, cookies, autofill entries and browsing history.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates installed software by reading the entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its per-user HKCU equivalent), the same data Add/Remove Programs displays.
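The indicators above (the file hashes and the extracted C2 host:port) are only useful once they are applied to something. The following is an added example, not part of the sandbox report: it hashes file contents with every algorithm the report lists and accepts a file as this sample only when all of them agree, then sweeps connection log lines for traffic to the extracted C2, flagging exact host:port matches separately from connections to the same host on another port. The log line format ("<ts> <src>:<sport> -> <dst>:<dport> <proto>") and the log lines themselves are constructed for the example.

```python
"""IOC matching for the RedLine sample documented in this report.

Added example, not part of the sandbox report. Indicators are copied from the
report; the log format and the sample log lines are constructed assumptions.
"""
import hashlib
import re

# File hashes as listed in the report (all four, so a match is unambiguous).
SAMPLE_HASHES = {
    "md5": "4a93f552d9a2747b134be963c4d1b044",
    "sha1": "7b96e56bc6b7df56ac4d0cda72dbc2d9be65f0e4",
    "sha256": "33bb7d8584f1353b048c0227977e9531a4125188a960babbc2a26307ca158275",
    "sha512": "d10962a7c0027ca5dafda2e9ebc236b04284c4542f65e3cea9ec423b29012ed7"
              "fc111579e73f0b46d6e3be0ed020dc23c784c5f281abcf02071cfd904fdf1ab5",
}

# C2 from the extracted configuration.
C2_HOST = "45.9.20.20"
C2_PORT = 13441


def hash_bytes(data: bytes) -> dict:
    """Digest the file contents with each algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_sample(data: bytes) -> bool:
    """True only if every listed digest agrees; one mismatch means a different file."""
    actual = hash_bytes(data)
    return all(actual[name] == digest for name, digest in SAMPLE_HASHES.items())


# Assumed (constructed) connection log format:
#   "<timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\S+)$"
)


def c2_hits(lines):
    """Return (timestamp, source_ip, match_kind) for each line touching the C2.

    match_kind is "exact" for the extracted host:port and "host-only" when the
    destination host matches on a different port (worth a look, lower confidence).
    Unparseable lines are skipped so one bad record does not abort the sweep.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["dst"] != C2_HOST:
            continue
        kind = "exact" if int(m["dport"]) == C2_PORT else "host-only"
        hits.append((m["ts"], m["src"], kind))
    return hits


# Constructed log lines for the example (not real traffic).
SAMPLE_LOG = [
    "2021-09-19T10:01:04Z 10.0.0.12:49811 -> 45.9.20.20:13441 tcp",
    "2021-09-19T10:01:05Z 10.0.0.12:49812 -> 142.250.74.78:443 tcp",
    "2021-09-19T10:01:09Z 10.0.0.31:51020 -> 45.9.20.20:80 tcp",
    "malformed line",
    "2021-09-19T10:02:11Z 10.0.0.45:50000 -> 45.9.20.20:13441 tcp",
]


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, "MATCHES REPORT SAMPLE" if matches_sample(fh.read()) else "no match")
    for ts, src, kind in c2_hits(SAMPLE_LOG):
        print(f"{ts} {src} -> {C2_HOST} ({kind})")
```

Requiring all four digests to agree costs nothing and guards against a typo in any single hash; the host-only class exists because a RedLine operator can move the listener to a new port on the same host, so a bare host match is still worth triage even though it is not the extracted C2.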
