General

  • Target

    02a5b0a799fe8631e17f3a80cbf0994f0c4d4d5ad13c4b909779765494e9f34b

  • Size

    337KB

  • Sample

    211021-htjl3aaaa2

  • MD5

    abec41a6c6c77e88e69dfaac43fc0cb3

  • SHA1

    2cf77728c4c6292416e0a0f0731611da85989ecb

  • SHA256

    02a5b0a799fe8631e17f3a80cbf0994f0c4d4d5ad13c4b909779765494e9f34b

  • SHA512

    017ee1914f2e89d6d4e17fc83c355551c11e630e5984d41ceca2a6ce1811a1d8e246f05382080e27cb000946d48f7557430e3e0075668101643326c51704e309

Malware Config

Extracted

Family

redline

Botnet

UTS

C2

45.9.20.182:52236

Targets

    • Target

      02a5b0a799fe8631e17f3a80cbf0994f0c4d4d5ad13c4b909779765494e9f34b

    • Size

      337KB

    • MD5

      abec41a6c6c77e88e69dfaac43fc0cb3

    • SHA1

      2cf77728c4c6292416e0a0f0731611da85989ecb

    • SHA256

      02a5b0a799fe8631e17f3a80cbf0994f0c4d4d5ad13c4b909779765494e9f34b

    • SHA512

      017ee1914f2e89d6d4e17fc83c355551c11e630e5984d41ceca2a6ce1811a1d8e246f05382080e27cb000946d48f7557430e3e0075668101643326c51704e309

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Tasks