c4a6933628c1d65f130c66851c6fbb9f254aa79a66503796487f9fe1521f4c9a

General

Target: c4a6933628c1d65f130c66851c6fbb9f254aa79a66503796487f9fe1521f4c9a
Size: 318KB
Sample: 211014-f66w1sgcd6
Score: 10/10
MD5: 1f2393f7202a1670512358a3fa5fb8fe
SHA1: 35dca516b0098997e23cf580fd13281a2275ee20
SHA256: c4a6933628c1d65f130c66851c6fbb9f254aa79a66503796487f9fe1521f4c9a
SHA512: 769583f080a40f4c06446e1aacaed37085b32bef4d30e2044ad8598fd5167d421f48d3cad1fc55eb587278e1b0899b7c8e9720a2898d2a87316bc2ad83e303aa

Malware Config

Extracted
Family: redline
Botnet: sewPalp
C2: 185.215.113.29:24645

Signatures

  • RedLine
    Description: RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine Payload

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials and similar stored data.
    TTPs: Data from Local System; Credentials in Files

  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
    TTPs: Query Registry

MITRE ATT&CK Matrix

Tactic columns: Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation