General

  • Target

    14e38b209ee392b253d8b73dd1f625f1d6a94fe5cfe05d055041d96597e47574

  • Size

    354KB

  • Sample

    211021-2xtqzsbgfj

  • MD5

    138b82b470c814e8080db7051025ce9f

  • SHA1

    abfe3f2defdfb96a0850ff9dd2a3947b2f9b92b5

  • SHA256

    14e38b209ee392b253d8b73dd1f625f1d6a94fe5cfe05d055041d96597e47574

  • SHA512

    fffbbe337c20d8fe03909d3c0086f2235dfccb5fcef7cfbcfac950681d22e11030dfa3da53b885711a37b7940013e9d9c1349d4079ef2c684d12a3e86642fd65

Malware Config

Extracted

  • Family

    redline

  • Botnet

    BTC-2021

  • C2

    2.56.214.190:59628

Targets


    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 2

  • Discovery

    Query Registry (T1012): 1

  • Collection

    Data from Local System (T1005): 2

Tasks