General

  • Target

    285262e7a2f69cf4ce869b99623a17de85b9425a0be2c4b22fc36afa59fc977c

  • Size

    318KB

  • Sample

    210920-clq4aacfe6

  • MD5

    a8611596e0416fc9c92a5e42b1abc9a8

  • SHA1

    ae611b8e0128e544e620685b2ba3354909c14a68

  • SHA256

    285262e7a2f69cf4ce869b99623a17de85b9425a0be2c4b22fc36afa59fc977c

  • SHA512

    6b29bb8e028a3acf35b38f42d866b3961190c0a431192eb318c4d74f9a9f47f4ef75075d657570512e4db8a53ceacb624b7771f886335d4f0cefe54cbb2ca5e8

Malware Config

Extracted

  • Family: redline

  • Botnet: UDP

  • C2: 45.9.20.20:13441

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and other sensitive profile contents.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
