4b4caac9b37e2081b2b5e33de0214c226ef3ab957e7bee1255b81c34d59fea33

General
Target

4b4caac9b37e2081b2b5e33de0214c226ef3ab957e7bee1255b81c34d59fea33

Size

250KB

Sample

210926-ql4w2aehe4

Score

10/10
MD5

2e9226c77d8d80677d35a48bc1d5bf19

SHA1

b8dc5fb61fd1bc2e599dba3f1b37249d271e896f

SHA256

4b4caac9b37e2081b2b5e33de0214c226ef3ab957e7bee1255b81c34d59fea33

SHA512

b0864787f90260be96c1a4a4f3bff0a5625fd17da9ae7af9c21485ec39b99c7357db145a093de56e8005d39a058ee8c0498b3fa891b441af6eaa25bbf3c1dfd7

Malware Config

Extracted

Family redline
Botnet UTS
C2

45.9.20.20:13441

Targets
Signatures

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine Payload

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials, among other sensitive information.

    TTPs

    Data from Local System
    Credentials in Files
  • Accesses cryptocurrency files/wallets, possible credential harvesting

    TTPs

    Data from Local System
    Credentials in Files
  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    TTPs

    Query Registry

MITRE ATT&CK Matrix

Tactic columns: Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation