General

  • Target: c5279e5f3583a76349035515a88f609304f6f86c0ea3d343a5afd0f92ea54003
  • Size: 318KB
  • Sample: 210920-bjcx7sfcdp
  • MD5: d8d55293d5cef122f6ecef518e58dc26
  • SHA1: bc883b635a8301c57fc7ea32bfcc832bacda70fc
  • SHA256: c5279e5f3583a76349035515a88f609304f6f86c0ea3d343a5afd0f92ea54003
  • SHA512: c5fff52f2b443efb740514638a10b34f480303448098f67e2cb9582b29fc129a7d52f81ef2b187868e762b45cf319fe75118ab0a2bcfd6dce70bb9bc3afb7029

Malware Config

Extracted

  • Family: redline
  • Botnet: UDP
  • C2: 45.9.20.20:13441

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
