General

  • Target

    ef120c590cc6f24259ce452e0e8a0ff846a18a621e2d9c9418ae2ce9fe003eac

  • Size

    318KB

  • Sample

    210919-wyvf1scda5

  • MD5

    21f3cd41998742c8c56aba633a9616f3

  • SHA1

    3337863090480731f3f389c5b0e888e8c7495d84

  • SHA256

    ef120c590cc6f24259ce452e0e8a0ff846a18a621e2d9c9418ae2ce9fe003eac

  • SHA512

    c171dc5538b0d6711bbdab20be85af86f260debad7d6da7971c08a4d3def63ccd22a86839bc2ecc68d7c8cea746a42de1a39d70a13c4c56e6e9a3c5fd4961a84

Malware Config

Extracted

Family

redline

Botnet

UDP

C2

45.9.20.20:13441

Targets

    • Target

      ef120c590cc6f24259ce452e0e8a0ff846a18a621e2d9c9418ae2ce9fe003eac

    • Size

      318KB

    • MD5

      21f3cd41998742c8c56aba633a9616f3

    • SHA1

      3337863090480731f3f389c5b0e888e8c7495d84

    • SHA256

      ef120c590cc6f24259ce452e0e8a0ff846a18a621e2d9c9418ae2ce9fe003eac

    • SHA512

      c171dc5538b0d6711bbdab20be85af86f260debad7d6da7971c08a4d3def63ccd22a86839bc2ecc68d7c8cea746a42de1a39d70a13c4c56e6e9a3c5fd4961a84

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks