General

  • Target

    aa2b01fe5fce1feeb75eed6288935582c1d8f27106d5a2574a905b1a21128b4f

  • Size

    318KB

  • Sample

    210920-atghpsfccl

  • MD5

    764e9d22b3f61849850795545424dad4

  • SHA1

    766874bd4e8b547aef57c7785054e39f36a0d389

  • SHA256

    aa2b01fe5fce1feeb75eed6288935582c1d8f27106d5a2574a905b1a21128b4f

  • SHA512

    165b8b6d3f854a372ecbf6b5277435e6c36e08e1f94345c8380cbb92be7ca8abd1558b58cf6e3b8f25bc697af8e7b522968a4e7d14a91d75287c8f2e116befbd

Malware Config

Extracted

Family

redline

Botnet

UDP

C2

45.9.20.20:13441

Targets

    • Target

      aa2b01fe5fce1feeb75eed6288935582c1d8f27106d5a2574a905b1a21128b4f

    • Size

      318KB

    • MD5

      764e9d22b3f61849850795545424dad4

    • SHA1

      766874bd4e8b547aef57c7785054e39f36a0d389

    • SHA256

      aa2b01fe5fce1feeb75eed6288935582c1d8f27106d5a2574a905b1a21128b4f

    • SHA512

      165b8b6d3f854a372ecbf6b5277435e6c36e08e1f94345c8380cbb92be7ca8abd1558b58cf6e3b8f25bc697af8e7b522968a4e7d14a91d75287c8f2e116befbd

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers routinely read the browser's own profile stores, which hold saved credentials, cookies, autofill and payment data. In Chromium-based browsers these live under the profile directory (for example the "Login Data", "Cookies" and "Web Data" SQLite files).

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates the subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and its WOW6432Node counterpart) to build a list of installed software, which stealers typically include in the host profile sent to the C2.
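The following is an added example, not part of this sandbox report and not code from the RedLine family, showing how the extracted C2 (45.9.20.20:13441) and the three behaviours listed above can be turned into host-side detection logic. It runs over constructed telemetry lines in a simple "key=value|key=value" format; the browser profile file names, wallet directories and the browser-process allowlist are assumptions chosen for illustration, not artefacts taken from this report.

```python
"""Added example (not from the report): match constructed endpoint telemetry
against the RedLine C2 and behaviours listed in this sandbox report."""
import re
from collections import defaultdict

# Indicators taken from the report's extracted config.
C2_IP = "45.9.20.20"
C2_PORT = 13441

# Assumed artefact patterns (illustrative, not from the report).
# Chromium profile stores that stealers copy: Login Data, Cookies, Web Data.
BROWSER_DATA_RE = re.compile(r"\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data)$", re.I)
# A few wallet directories that stealers commonly search.
WALLET_RE = re.compile(r"\\(Electrum\\wallets|Exodus\\exodus\.wallet|Ethereum\\keystore)\\", re.I)
# The Uninstall key the report says is used to enumerate installed software.
UNINSTALL_RE = re.compile(
    r"^HK(LM|CU)\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)
# Browsers reading their own profile data are benign; assumed allowlist.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "brave.exe", "firefox.exe"}

STEALER_TAGS = {"browser_data_read", "wallet_access", "software_enum"}

# Constructed sample telemetry: one stealer-like process, one browser, one service.
SAMPLE_EVENTS = [
    r"type=net|image=C:\Users\bob\AppData\Local\Temp\build.exe|dst_ip=45.9.20.20|dst_port=13441",
    r"type=file|image=C:\Users\bob\AppData\Local\Temp\build.exe|path=C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"type=file|image=C:\Users\bob\AppData\Local\Temp\build.exe|path=C:\Users\bob\AppData\Roaming\Electrum\wallets\default_wallet",
    r"type=reg|image=C:\Users\bob\AppData\Local\Temp\build.exe|key=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip",
    r"type=file|image=C:\Program Files\Google\Chrome\Application\chrome.exe|path=C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"type=net|image=C:\Windows\System32\svchost.exe|dst_ip=13.107.4.50|dst_port=443",
]


def parse_event(line: str) -> dict:
    """Parse one 'key=value|key=value' telemetry line (constructed format)."""
    fields = {}
    for part in line.strip().split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def classify(event: dict) -> set:
    """Return the set of behaviour tags a single event matches."""
    tags = set()
    kind = event.get("type")
    image = event.get("image", "").rsplit("\\", 1)[-1].lower()
    if kind == "net":
        if event.get("dst_ip") == C2_IP and int(event.get("dst_port", 0)) == C2_PORT:
            tags.add("c2_connection")
    elif kind == "file":
        path = event.get("path", "")
        # A browser touching its own profile files is expected behaviour.
        if BROWSER_DATA_RE.search(path) and image not in BROWSER_IMAGES:
            tags.add("browser_data_read")
        if WALLET_RE.search(path):
            tags.add("wallet_access")
    elif kind == "reg":
        if UNINSTALL_RE.search(event.get("key", "")):
            tags.add("software_enum")
    return tags


def triage(lines) -> dict:
    """Aggregate tags per process image and produce a verdict string for each."""
    per_process = defaultdict(set)
    for line in lines:
        ev = parse_event(line)
        per_process[ev.get("image", "?")] |= classify(ev)
    verdicts = {}
    for image, tags in per_process.items():
        stealer = sorted(tags & STEALER_TAGS)
        if "c2_connection" in tags and stealer:
            verdicts[image] = "redline-like: C2 + " + ", ".join(stealer)
        elif "c2_connection" in tags:
            verdicts[image] = "c2-contact"
        elif stealer:
            verdicts[image] = "suspicious: " + ", ".join(stealer)
        else:
            verdicts[image] = "clean"
    return verdicts


if __name__ == "__main__":
    for image, verdict in triage(SAMPLE_EVENTS).items():
        print(f"{verdict:60} {image}")
```

The verdict requires the C2 contact plus at least one stealer behaviour before calling a process RedLine-like; a single Uninstall-key enumeration on its own is far too common (installers, inventory agents) to alert on, and the browser allowlist keeps the browser's own profile reads out of the result.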

MITRE ATT&CK Enterprise v6

Tasks