General

  • Target

    b1a669d65e7b71816391d6ba9dc45ecae35592c88fd5977fff37e247d1cbbb6a

  • Size

    318KB

  • Sample

    210920-ekm2cafdfk

  • MD5

    6633b22ce7b8d409eb8182dedb23f7e5

  • SHA1

    f7b8025329d2c2b751e19e8dbae75697562808e5

  • SHA256

    b1a669d65e7b71816391d6ba9dc45ecae35592c88fd5977fff37e247d1cbbb6a

  • SHA512

    39aa09296520dffad448529f8374a2e14c9c93c5459c232367df7040b0b1d4dadfc8a2f89f0493bb04b023e62e2319dd9b2a11cb17d9a220b057e50f2e690a1a

Malware Config

Extracted

Family

redline

Botnet

UDP

C2

45.9.20.20:13441

Targets

    • Target

      b1a669d65e7b71816391d6ba9dc45ecae35592c88fd5977fff37e247d1cbbb6a

    • Size

      318KB

    • MD5

      6633b22ce7b8d409eb8182dedb23f7e5

    • SHA1

      f7b8025329d2c2b751e19e8dbae75697562808e5

    • SHA256

      b1a669d65e7b71816391d6ba9dc45ecae35592c88fd5977fff37e247d1cbbb6a

    • SHA512

      39aa09296520dffad448529f8374a2e14c9c93c5459c232367df7040b0b1d4dadfc8a2f89f0493bb04b023e62e2319dd9b2a11cb17d9a220b057e50f2e690a1a

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks