General

  • Target

    e023408b992bfd65c896c8075f9d8693ccbca3e68537652c00dca40e6ad1c568

  • Size

    369KB

  • Sample

    211016-ctxwsscdhl

  • MD5

    f94936ea1a4f46112daed43485bd928e

  • SHA1

    b8499e66f5ea05d6335074f4910ed82fc4dc3fe4

  • SHA256

    e023408b992bfd65c896c8075f9d8693ccbca3e68537652c00dca40e6ad1c568

  • SHA512

    b9a5af5f21e8a0f11ff281a2de62682271bd5fb2bb25c4b5cbfdaa72a68fee0024b007733ab324f7b580ebfa123cbc98c7cf0a527416e91fd0e4a67f8a0b807e

Malware Config

Extracted

Family

redline

Botnet

UDP

C2

45.9.20.182:52236

Targets

    • Target

      e023408b992bfd65c896c8075f9d8693ccbca3e68537652c00dca40e6ad1c568

    • Size

      369KB

    • MD5

      f94936ea1a4f46112daed43485bd928e

    • SHA1

      b8499e66f5ea05d6335074f4910ed82fc4dc3fe4

    • SHA256

      e023408b992bfd65c896c8075f9d8693ccbca3e68537652c00dca40e6ad1c568

    • SHA512

      b9a5af5f21e8a0f11ff281a2de62682271bd5fb2bb25c4b5cbfdaa72a68fee0024b007733ab324f7b580ebfa123cbc98c7cf0a527416e91fd0e4a67f8a0b807e

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Tasks