fba1a1f4b7d31f4b922b8e6ee5feea37875b835ef85cc4f956a7d481b841d1a5

General
Target

fba1a1f4b7d31f4b922b8e6ee5feea37875b835ef85cc4f956a7d481b841d1a5

Size

250KB

Sample

210926-phv92sehb4

Score
10 /10
MD5

110d5ef37b4a5bd7211e938006109162

SHA1

55ca3b5df37096c677112c94aee042c0788fa722

SHA256

fba1a1f4b7d31f4b922b8e6ee5feea37875b835ef85cc4f956a7d481b841d1a5

SHA512

3754c1fd58eafe981588982a5e47e601a04d9e618d08cca9060401ed4fe539809982b1e6ff7202f783c6b5aa83b7e1428951a471f0b4f84de80b06f23a966903

Malware Config

Extracted

Family redline
Botnet UDP
C2

45.9.20.20:13441

Targets
Target

fba1a1f4b7d31f4b922b8e6ee5feea37875b835ef85cc4f956a7d481b841d1a5

MD5

110d5ef37b4a5bd7211e938006109162

Filesize

250KB

Score
10 /10
SHA1

55ca3b5df37096c677112c94aee042c0788fa722

SHA256

fba1a1f4b7d31f4b922b8e6ee5feea37875b835ef85cc4f956a7d481b841d1a5

SHA512

3754c1fd58eafe981588982a5e47e601a04d9e618d08cca9060401ed4fe539809982b1e6ff7202f783c6b5aa83b7e1428951a471f0b4f84de80b06f23a966903

Tags

Signatures

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    Tags

  • RedLine Payload

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Accesses cryptocurrency files/wallets, possible credential harvesting

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
      Discovery
      Execution
        Exfiltration
          Impact
            Initial Access
              Lateral Movement
                Persistence
                  Privilege Escalation
                    Tasks