General

  • Target

    247fd6cd86203cf2f4a620dd168ee32c3c24158cde58d7d9f2fe7923e679501c

  • Size

    318KB

  • Sample

    210920-d77htsfddp

  • MD5

    eb31866a4cf8ed3b31794cde78574647

  • SHA1

    6de07932b04665e9551ec02bb6c1965095a28c0e

  • SHA256

    247fd6cd86203cf2f4a620dd168ee32c3c24158cde58d7d9f2fe7923e679501c

  • SHA512

    23828ca6c9eba47b3d26dbccaa297cbf6d09e94c6883e1eef27de284b9ea03fd04112d8ee65374db90ff198e63be121b75dc57b3e857bd5f1ab0ca1e676d5e8c

Malware Config

Extracted

  • Family

    redline

  • Botnet

    UDP

  • C2

    45.9.20.20:13441

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks