General

  • Target

    a4ea8ccb32a746e3315e35d366246545d6475dc48e8e43cf92da45bf5de0fe7f

  • Size

    349KB

  • Sample

    211014-gx3cxagcf9

  • MD5

    ea5d06ebac99fcea217fecc743c259f5

  • SHA1

    db9b688cf9941bcbd02364db15ebfa22797eb551

  • SHA256

    a4ea8ccb32a746e3315e35d366246545d6475dc48e8e43cf92da45bf5de0fe7f

  • SHA512

    85a20dc5b983a53b3d8bf8d02b9f57b917e995772d4b9f570e3bc604e6a0442b1ef1485e9e4f910cc50ed26680d18b34db46e65a41181e3c8622da95164bdd5e

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @fullloger

  • C2

    164.132.202.45:20588

Targets

    • Target

      a4ea8ccb32a746e3315e35d366246545d6475dc48e8e43cf92da45bf5de0fe7f

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Credential Access

    Credentials in Files, T1081 (1)

  • Collection

    Data from Local System, T1005 (1)

Tasks