General

  • Target

    4b4caac9b37e2081b2b5e33de0214c226ef3ab957e7bee1255b81c34d59fea33

  • Size

    250KB

  • Sample

    210926-ql4w2aehe4

  • MD5

    2e9226c77d8d80677d35a48bc1d5bf19

  • SHA1

    b8dc5fb61fd1bc2e599dba3f1b37249d271e896f

  • SHA256

    4b4caac9b37e2081b2b5e33de0214c226ef3ab957e7bee1255b81c34d59fea33

  • SHA512

    b0864787f90260be96c1a4a4f3bff0a5625fd17da9ae7af9c21485ec39b99c7357db145a093de56e8005d39a058ee8c0498b3fa891b441af6eaa25bbf3c1dfd7

Malware Config

Extracted

Family

redline

Botnet

UTS

C2

45.9.20.20:13441

Targets

    • Target

      4b4caac9b37e2081b2b5e33de0214c226ef3ab957e7bee1255b81c34d59fea33

    • Size

      250KB

    • MD5

      2e9226c77d8d80677d35a48bc1d5bf19

    • SHA1

      b8dc5fb61fd1bc2e599dba3f1b37249d271e896f

    • SHA256

      4b4caac9b37e2081b2b5e33de0214c226ef3ab957e7bee1255b81c34d59fea33

    • SHA512

      b0864787f90260be96c1a4a4f3bff0a5625fd17da9ae7af9c21485ec39b99c7357db145a093de56e8005d39a058ee8c0498b3fa891b441af6eaa25bbf3c1dfd7

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Tasks