General

  • Target

    9483911086b8667a0f1400e951db7b1e510734c2596ffa896e72b6faddb671d4

  • Size

    369KB

  • Sample

    211015-2zm18acdbm

  • MD5

    6dd86bbe4ccadec9d075cf1f710cc464

  • SHA1

    c576b584fb70ff8e17d01614609bc513b2257683

  • SHA256

    9483911086b8667a0f1400e951db7b1e510734c2596ffa896e72b6faddb671d4

  • SHA512

    c63a4a8dbb473174d42c33e2f0dc45a178f0fcad989d3310e458f8431d2a6d9fde82b90d2bd4d3cc1ff6d094d758b219f9145591f622a9e8208fd1aa86b3da49

Malware Config

Extracted

  • Family

    redline

  • Botnet

    sewPalp

  • C2

    185.215.113.29:24645

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique               Count  ID
  Credential Access  Credentials in Files    1      T1081
  Discovery          Query Registry          1      T1012
  Collection         Data from Local System  1      T1005

Tasks