General

  • Target

    fbc9319b5207acc6875d5ac815e9d369d60936d38bde1b16bdebb0f007c739ce

  • Size

    318KB

  • Sample

    210920-fmzctsfedq

  • MD5

    3c8b6cca9ee10cfec26c5c316789e4d8

  • SHA1

    25c92281641eb032e37d71b7d254f7841a00cb62

  • SHA256

    fbc9319b5207acc6875d5ac815e9d369d60936d38bde1b16bdebb0f007c739ce

  • SHA512

    705511fa90ee0865cbc620679854795942684bf4996a3bd6b06989d51f214310fc146127c6de8fd3d0ab716faa819920b0c9e4d72c2566f5be810d684551caa3

Malware Config

Extracted

  • Family

    redline

  • Botnet

    UDP

  • C2

    45.9.20.20:13441
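The extracted configuration and the hashes above are the indicators a defender takes away from this report. The following is an added example, not part of the sandbox report or of the RedLine family's own code: it checks that the hash strings have the expected shape, then scans constructed Zeek conn.log-style records for traffic to the extracted C2 socket and constructed process-creation records for the sample's hashes. The log lines, host names and the benign comparison hash are all constructed for the example.

```python
"""Offline triage check built from the RedLine report's indicators.

Added example: not the sandbox report's own code. The C2 endpoint and the
MD5/SHA1/SHA256 values are copied from the report; every log line below is
constructed for the example.
"""
import re

# Indicators copied from the report.
C2_HOST = "45.9.20.20"
C2_PORT = 13441
HASHES = {
    "md5": "3c8b6cca9ee10cfec26c5c316789e4d8",
    "sha1": "25c92281641eb032e37d71b7d254f7841a00cb62",
    "sha256": "fbc9319b5207acc6875d5ac815e9d369d60936d38bde1b16bdebb0f007c739ce",
}
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64}

# Constructed Zeek conn.log-style records:
# ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto
CONN_LOG = """\
1632150001.120  CqVz1a  10.0.0.5   51234  142.250.74.46  443    tcp
1632150002.480  CxQ9bb  10.0.0.5   51301  45.9.20.20     13441  tcp
1632150003.010  Cy7mKe  10.0.0.7   49822  45.9.20.20     80     tcp
1632150005.770  CdD3zz  10.0.0.9   50012  45.9.20.20     13441  tcp
"""

# Constructed process-creation records: host, image path, sha256.
# The second hash is a benign placeholder (SHA-256 of the string "test").
PROC_LOG = """\
WS01  C:\\Users\\alice\\AppData\\Local\\Temp\\setup.exe  fbc9319b5207acc6875d5ac815e9d369d60936d38bde1b16bdebb0f007c739ce
WS02  C:\\Program Files\\Vendor\\app.exe                9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
"""


def validate_hashes(hashes=HASHES):
    """True when each digest is lowercase hex of the length its algorithm requires.

    Catches truncated or mis-pasted hashes before they are loaded into a blocklist.
    """
    return all(
        re.fullmatch(r"[0-9a-f]{%d}" % HEX_LEN[algo], digest) is not None
        for algo, digest in hashes.items()
    )


def scan_conn_log(conn_log, host=C2_HOST, port=C2_PORT):
    """Split connections to the C2 IP into exact-socket hits and host-only hits.

    Host-and-port matches are high confidence; traffic to the same IP on another
    port is reported separately, since a shared host may serve unrelated content.
    """
    exact, host_only = [], []
    for line in conn_log.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue
        uid, orig_h, resp_h, resp_p = fields[1], fields[2], fields[4], int(fields[5])
        if resp_h != host:
            continue
        (exact if resp_p == port else host_only).append((uid, orig_h))
    return {"exact": exact, "host_only": host_only}


def scan_process_log(proc_log, hashes=HASHES):
    """Return (host, image path, algorithm) for every image whose digest is known.

    The path is the middle field and may contain spaces, so the record is split
    once from the left (host) and once from the right (digest).
    """
    by_digest = {digest.lower(): algo for algo, digest in hashes.items()}
    hits = []
    for line in proc_log.splitlines():
        if not line.strip():
            continue
        host, rest = line.split(None, 1)
        path, digest = rest.rsplit(None, 1)
        algo = by_digest.get(digest.lower())
        if algo:
            hits.append((host, path, algo))
    return hits


if __name__ == "__main__":
    print("hash formats valid:", validate_hashes())
    print("C2 connections:", scan_conn_log(CONN_LOG))
    print("known-bad images:", scan_process_log(PROC_LOG))
```

The port is part of the match on purpose: the report gives a full socket, and a blocklist entry for the bare IP would also catch whatever else that host serves, so the host-only bucket is for hunting rather than alerting.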

Targets

    • Target

      fbc9319b5207acc6875d5ac815e9d369d60936d38bde1b16bdebb0f007c739ce

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
