General

  • Target

    a7ca4468df6c856b406431bbbb4b7ad887db3812329cd60bde260eabe164d11b

  • Size

    318KB

  • Sample

    210919-ydh9cscde8

  • MD5

    c7d4611a6284253727382e0b19c74e6a

  • SHA1

    66913a97faf96b09c510db6d55cd5720d1a04e7c

  • SHA256

    a7ca4468df6c856b406431bbbb4b7ad887db3812329cd60bde260eabe164d11b

  • SHA512

    bd256840368a1cd0a0b9e0314db53cf44c41d0155461f3a1019339dd7c9d7c5654133c1e6e3d2887f115f96a6ac40f13a44e5bec88699f46e63f7bdeb6364cc8

Malware Config

Extracted

Family

redline

Botnet

UDP

C2

45.9.20.20:13441

Targets

    • Target

      a7ca4468df6c856b406431bbbb4b7ad887db3812329cd60bde260eabe164d11b

    • Size

      318KB

    • MD5

      c7d4611a6284253727382e0b19c74e6a

    • SHA1

      66913a97faf96b09c510db6d55cd5720d1a04e7c

    • SHA256

      a7ca4468df6c856b406431bbbb4b7ad887db3812329cd60bde260eabe164d11b

    • SHA512

      bd256840368a1cd0a0b9e0314db53cf44c41d0155461f3a1019339dd7c9d7c5654133c1e6e3d2887f115f96a6ac40f13a44e5bec88699f46e63f7bdeb6364cc8

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks