General

  • Target

    5d63cf6e7e17508f2278186bd0f7adfde2ac0daa75dcd5f67660826d98223664

  • Size

    318KB

  • Sample

    210919-y4f7pacdh6

  • MD5

    1b48d37147dbd053edfd8f0459cd571f

  • SHA1

    7fa3e8c88c6b8721ab2fe3b5dd322cf954847560

  • SHA256

    5d63cf6e7e17508f2278186bd0f7adfde2ac0daa75dcd5f67660826d98223664

  • SHA512

    cf55d189edc8f726c63572bc340f1fbfce78e9688ac90ac6fe7e92a9406e9709fea4deb60b95d8147bc722f4db3d9eeae4bb14144cf545e62deeb37cf500e3d4

Malware Config

Extracted

Family

redline

Botnet

UDP

C2

45.9.20.20:13441

Targets

    • Target

      5d63cf6e7e17508f2278186bd0f7adfde2ac0daa75dcd5f67660826d98223664

    • Size

      318KB

    • MD5

      1b48d37147dbd053edfd8f0459cd571f

    • SHA1

      7fa3e8c88c6b8721ab2fe3b5dd322cf954847560

    • SHA256

      5d63cf6e7e17508f2278186bd0f7adfde2ac0daa75dcd5f67660826d98223664

    • SHA512

      cf55d189edc8f726c63572bc340f1fbfce78e9688ac90ac6fe7e92a9406e9709fea4deb60b95d8147bc722f4db3d9eeae4bb14144cf545e62deeb37cf500e3d4

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks