fb074057f064fbe4dd5cdc5975e79aab1bf0d6266215909af7f34575a20880dc

General
Target

fb074057f064fbe4dd5cdc5975e79aab1bf0d6266215909af7f34575a20880dc

Size

249KB

Sample

210926-px2elsegel

Score
10/10
MD5

fd549575e07b1d4fec549497f17bf166

SHA1

6f005d31452e1fb79621a6b6ff57807ca9b02370

SHA256

fb074057f064fbe4dd5cdc5975e79aab1bf0d6266215909af7f34575a20880dc

SHA512

022f4fc212ba00756224febf773f8d8b830d3c2d245af6b110cce29272274e26f540bb706e8aad4cd1f46149b9c5a286435c05acfceed191d0b685e65bf5e2db

Malware Config

Extracted

Family redline
Botnet UTS
C2

45.9.20.20:13441
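The extracted config gives one C2 endpoint and three file hashes. As an added example (not part of the sandbox report), the Python below sweeps constructed Zeek-style conn.log records and a constructed EDR file-hash inventory for those indicators. The conn.log column order, the inventory shape and the sample data are assumptions made for the example; it also flags flows to the C2 host on a different port, since RedLine panels are commonly moved between ports while keeping the address.

```python
"""Added example, not part of the sandbox report: sweep constructed network
and file-inventory data for the indicators extracted above."""

# Indicators copied from the report.
C2_HOST = "45.9.20.20"
C2_PORT = 13441
SAMPLE_HASHES = {
    "fd549575e07b1d4fec549497f17bf166",                                   # MD5
    "6f005d31452e1fb79621a6b6ff57807ca9b02370",                           # SHA1
    "fb074057f064fbe4dd5cdc5975e79aab1bf0d6266215909af7f34575a20880dc",   # SHA256
}


def parse_conn_line(line):
    """Parse one tab-separated Zeek conn.log record.

    Column order assumed here: ts, uid, id.orig_h, id.orig_p, id.resp_h,
    id.resp_p, proto. Real conn.log files carry more columns and declare
    them in a #fields header; read that header in production."""
    if not line or line.startswith("#"):
        return None
    f = line.rstrip("\n").split("\t")
    if len(f) < 7:
        return None
    return {"ts": f[0], "uid": f[1], "orig_h": f[2], "orig_p": int(f[3]),
            "resp_h": f[4], "resp_p": int(f[5]), "proto": f[6]}


def sweep_connections(lines):
    """Return (exact, host_only).

    exact     : flows to the configured C2 IP and port.
    host_only : flows to the C2 IP on another port; lower confidence, but
                worth a look because panels get re-hosted on new ports."""
    exact, host_only = [], []
    for line in lines:
        rec = parse_conn_line(line)
        if rec is None or rec["resp_h"] != C2_HOST:
            continue
        (exact if rec["resp_p"] == C2_PORT else host_only).append(rec)
    return exact, host_only


def sweep_hashes(inventory):
    """inventory maps a file path to a hex digest (MD5, SHA1 or SHA256,
    whichever the EDR produced). Matching is case-insensitive."""
    return sorted(path for path, digest in inventory.items()
                  if digest.strip().lower() in SAMPLE_HASHES)


# Constructed sample data (not real telemetry).
CONN_LOG = [
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto",
    "1632650000.123\tCa1\t10.0.0.12\t51522\t45.9.20.20\t13441\ttcp",
    "1632650001.456\tCa2\t10.0.0.12\t51523\t142.250.74.78\t443\ttcp",
    "1632650002.789\tCa3\t10.0.0.15\t49210\t45.9.20.20\t80\ttcp",
]
INVENTORY = {
    r"C:\Users\bob\AppData\Local\Temp\setup.exe":
        "FB074057F064FBE4DD5CDC5975E79AAB1BF0D6266215909AF7F34575A20880DC",
    r"C:\Program Files\7-Zip\7z.exe": "0" * 64,
}

if __name__ == "__main__":
    exact, host_only = sweep_connections(CONN_LOG)
    for rec in exact:
        print(f"C2 beacon: {rec['orig_h']} -> {rec['resp_h']}:{rec['resp_p']} uid={rec['uid']}")
    for rec in host_only:
        print(f"C2 host, other port: {rec['orig_h']} -> {rec['resp_h']}:{rec['resp_p']} uid={rec['uid']}")
    for path in sweep_hashes(INVENTORY):
        print(f"sample on disk: {path}")
```

Hash hits identify this exact build only; a repacked RedLine drop will not match, so the network indicator and the behavioural signatures below are the more durable pivots.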

Targets
Signatures

  • RedLine

    Description

    RedLine Stealer is an information-stealing malware family written in C# (.NET), first seen in early 2020. It is sold as a service and typically collects browser credentials, cookies, cryptocurrency wallets and host information, then sends them to the C2 configured in the build.

  • RedLine Payload

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials, cookies, autofill entries and payment card details.

    TTPs

    Data from Local System (T1005)
    Credentials in Files (T1552.001)
  • Accesses cryptocurrency files/wallets, possible credential harvesting

    TTPs

    Data from Local System (T1005)
    Credentials in Files (T1552.001)
  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its Wow6432Node counterpart) to enumerate installed software on the system.

    TTPs

    Query Registry (T1012)
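The three behavioural signatures above (browser profile reads, wallet access, Uninstall-key enumeration) are what survive a repack, so they are worth turning into host telemetry logic. As an added example (not part of the sandbox report), the Python below scores constructed Sysmon-style file-read and registry-query events against those signatures and maps hits to the ATT&CK techniques the report lists. The concrete browser, wallet and registry paths, the event shape and the sample events are assumptions for the example; the owning-process exclusion is there because browsers and wallet apps legitimately read their own stores.

```python
"""Added example, not part of the sandbox report: score constructed
Sysmon-style events against the behavioural signatures listed above."""
import re
from collections import defaultdict

# Concrete paths are an assumption about what the signatures look for:
# Chromium/Firefox credential stores and common desktop wallet locations.
BROWSER_DATA = [
    re.compile(r"\\(Google\\Chrome|Microsoft\\Edge)\\User Data\\Local State$", re.I),
    re.compile(r"\\(Google\\Chrome|Microsoft\\Edge)\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data)$", re.I),
    re.compile(r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$", re.I),
]
WALLET_DATA = [
    re.compile(r"\\Exodus\\exodus\.wallet\\", re.I),
    re.compile(r"\\Electrum\\wallets\\", re.I),
    re.compile(r"\\atomic\\Local Storage\\leveldb\\", re.I),
    re.compile(r"\\wallet\.dat$", re.I),
]
UNINSTALL_KEY = re.compile(
    r"^HK(LM|CU)\\SOFTWARE\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)

# Browsers and wallet apps legitimately read their own stores; skip those images.
OWNERS = {"chrome.exe", "msedge.exe", "firefox.exe", "exodus.exe", "electrum.exe"}

# Signature name -> ATT&CK technique IDs, as mapped by the report above.
SIGNATURES = {
    "browser_profile_read": ("T1005", "T1552.001"),
    "wallet_access": ("T1005", "T1552.001"),
    "software_enum": ("T1012",),
}


def classify_event(ev):
    """Return the signature an event trips, or None.

    ev is a dict with keys pid, image, type ("FileRead" or "RegQuery") and
    target (file path or registry key), an assumed normalised Sysmon shape."""
    image = ev["image"].rsplit("\\", 1)[-1].lower()
    target = ev["target"]
    if ev["type"] == "RegQuery":
        return "software_enum" if UNINSTALL_KEY.search(target) else None
    if ev["type"] == "FileRead" and image not in OWNERS:
        if any(p.search(target) for p in BROWSER_DATA):
            return "browser_profile_read"
        if any(p.search(target) for p in WALLET_DATA):
            return "wallet_access"
    return None


def score_processes(events, threshold=2):
    """Group tripped signatures per pid and flag pids with at least
    `threshold` distinct signatures. A lone Uninstall-key query is normal
    for installers, so one signature alone does not flag a process."""
    hits = defaultdict(set)
    for ev in events:
        sig = classify_event(ev)
        if sig:
            hits[ev["pid"]].add(sig)
    flagged = {pid: sorted(sigs) for pid, sigs in hits.items() if len(sigs) >= threshold}
    return dict(hits), flagged


def techniques(sigs):
    """ATT&CK technique IDs covered by a set of signature names."""
    return sorted({t for s in sigs for t in SIGNATURES[s]})


EVENTS = [  # constructed events, not real telemetry
    {"pid": 4120, "image": r"C:\Users\bob\AppData\Local\Temp\setup.exe", "type": "FileRead",
     "target": r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4120, "image": r"C:\Users\bob\AppData\Local\Temp\setup.exe", "type": "FileRead",
     "target": r"C:\Users\bob\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"pid": 4120, "image": r"C:\Users\bob\AppData\Local\Temp\setup.exe", "type": "RegQuery",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"pid": 2200, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "type": "FileRead",
     "target": r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 3300, "image": r"C:\Windows\System32\msiexec.exe", "type": "RegQuery",
     "target": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{GUID}"},
]

if __name__ == "__main__":
    hits, flagged = score_processes(EVENTS)
    for pid, sigs in flagged.items():
        print(f"pid {pid}: {', '.join(sigs)} -> {techniques(sigs)}")
```

The threshold is the tuning knob: browser profile reads by a fresh binary in a user-writable directory are already suspicious on their own, so a stricter deployment can lower it for that signature or weight signatures rather than counting them.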

MITRE ATT&CK Matrix

Tactic columns: Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation