General

  • Target

    511c44b15f1f66930d3023f8f175b880f5975bbf6c5e298ce43a1559589c2ba9

  • Size

    369KB

  • Sample

    211015-x171kacbbj

  • MD5

    d66c013829800d64d8e472deec98d3a3

  • SHA1

    1fff1fd3fb1e468118add1cd2b7e0cb985055638

  • SHA256

    511c44b15f1f66930d3023f8f175b880f5975bbf6c5e298ce43a1559589c2ba9

  • SHA512

    269f645971ec870ab24f93fdf971abc75b852459e9da1507eab03ae3a9239bc09c6cf0491c86d94fe9cefcab13d8c6c273a7e01d4b25aee2b1c3a380e82aa2a6

Malware Config (Extracted)

  • Family

    redline

  • Botnet

    UDP

  • C2

    45.9.20.182:52236

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 2

  • Discovery

    Query Registry (T1012): 1

  • Collection

    Data from Local System (T1005): 2
