usfive_20211021-124624

General
Target

usfive_20211021-124624

Size

333KB

Sample

211021-rl6ajabceq

Score
10/10
MD5

d925816145cc18afdd4675c4846bc9a7

SHA1

9eb8dff855f515f3253eb2987679c462c9cab3e7

SHA256

6ccde99f9a922f30985bf697ef122d1bb102993590064544c6d0cda4f53cbdcc

SHA512

5caec99f2a47c64193707f5f3ccb74408eea98fd395d1fba4881f7ca39149ec3aa233ef4d85396e6e3be037bc293a138ea4e1d97528c72466e8d8c5a663f5326

Malware Config

Extracted

Family redline
Botnet oct21
C2

94.103.9.181:25690

Targets
Target

usfive_20211021-124624 (single target; MD5, SHA1, SHA256, SHA512, size and score are as listed under General above)

Signatures

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine Payload

  • Reads user/profile data of web browsers

    Description

    Infostealers commonly read stored browser data, which can include saved credentials, cookies and autofill entries.

    TTPs

    Data from Local System (T1005); Credentials in Files (T1552.001)
  • Accesses cryptocurrency files/wallets, possible credential harvesting

    TTPs

    Data from Local System (T1005); Credentials in Files (T1552.001)
  • Checks installed software on the system

    Description

    Reads the Uninstall key entries under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and the WOW6432Node equivalent) to enumerate installed software on the system.

    TTPs

    Query Registry (T1012)
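The indicators in this report are most useful once turned into something that runs over your own telemetry. The script below is an added example, not part of the sandbox report or of any Triage tooling: it matches the extracted C2 endpoint against Zeek conn.log records, verifies a quarantined file against the report hashes, and flags the Uninstall-key enumeration described by the "Checks installed software" signature in Procmon-style registry events. All log rows are constructed for the example; the Procmon export is assumed to have the optional Image Path column enabled, and the trusted-location prefixes are an assumption you should tune to your estate.

```python
"""Hunt helpers for the RedLine sample in this report.
Added example (not from the sandbox report or the Triage tooling).
All log data below is constructed for illustration."""
import csv
import hashlib
import io
from collections import Counter

# Indicators copied from the report above
REPORT_IOCS = {
    "c2_ip": "94.103.9.181",
    "c2_port": 25690,
    "md5": "d925816145cc18afdd4675c4846bc9a7",
    "sha1": "9eb8dff855f515f3253eb2987679c462c9cab3e7",
    "sha256": "6ccde99f9a922f30985bf697ef122d1bb102993590064544c6d0cda4f53cbdcc",
}

# Constructed Zeek conn.log rows (tab-separated, default column order)
CONN_FIELDS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
               "proto", "service", "duration", "orig_bytes", "resp_bytes", "conn_state"]
CONN_LOG = (
    "1634819184.120\tCxyZ1\t10.0.0.15\t49812\t94.103.9.181\t25690\ttcp\t-\t3.2\t512\t2048\tSF\n"
    "1634819190.004\tCab12\t10.0.0.15\t49813\t142.250.74.78\t443\ttcp\tssl\t1.0\t1200\t9000\tSF\n"
    "1634819201.551\tCdef3\t10.0.0.22\t51000\t94.103.9.181\t443\ttcp\t-\t0.5\t100\t100\tS0\n"
)


def parse_conn_log(text):
    """Parse conn.log lines into dicts, skipping Zeek's '#' header lines."""
    rows = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) < len(CONN_FIELDS):
            continue
        rows.append(dict(zip(CONN_FIELDS, parts)))
    return rows


def find_c2_hits(rows, ioc=REPORT_IOCS):
    """Exact ip:port is high confidence; the same IP on another port is still
    worth triage, since the port in a stealer config can change between builds."""
    hits = []
    for r in rows:
        if r["id.resp_h"] != ioc["c2_ip"]:
            continue
        port = int(r["id.resp_p"])
        hits.append({"uid": r["uid"], "src": r["id.orig_h"], "dst_port": port,
                     "confidence": "high" if port == ioc["c2_port"] else "medium"})
    return hits


def hash_sample(data):
    """Digests of a quarantined file, in the same algorithms the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def matches_report(data, ioc=REPORT_IOCS):
    """True only if every digest agrees with the report, which catches a
    stale or mistyped single hash in a blocklist."""
    digests = hash_sample(data)
    return all(digests[alg] == ioc[alg].lower() for alg in digests)


# Constructed Procmon-style CSV export (Image Path column enabled)
REG_EVENTS = """\
Time of Day,Process Name,PID,Image Path,Operation,Path,Result
12:46:24.100,usfive.exe,4120,C:\\Users\\bob\\AppData\\Local\\Temp\\usfive.exe,RegOpenKey,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall,SUCCESS
12:46:24.101,usfive.exe,4120,C:\\Users\\bob\\AppData\\Local\\Temp\\usfive.exe,RegQueryValue,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip\\DisplayName,SUCCESS
12:46:24.102,usfive.exe,4120,C:\\Users\\bob\\AppData\\Local\\Temp\\usfive.exe,RegQueryValue,HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Steam\\DisplayName,SUCCESS
12:46:30.000,msiexec.exe,900,C:\\Windows\\System32\\msiexec.exe,RegQueryValue,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip\\DisplayName,SUCCESS
12:46:31.000,usfive.exe,4120,C:\\Users\\bob\\AppData\\Local\\Temp\\usfive.exe,RegQueryValue,HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run,NAME NOT FOUND
"""

# Assumed trusted install locations; tune to your environment
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def suspicious_uninstall_enum(csv_text, min_reads=2):
    """Count Uninstall-key reads per process and keep only processes running
    outside trusted install locations. Installers and inventory agents read
    these keys constantly, so the image path, not the key, is the discriminator."""
    reads = Counter()
    images = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if "\\currentversion\\uninstall" not in row["Path"].lower():
            continue
        if not row["Operation"].startswith(("RegOpenKey", "RegQueryValue", "RegEnumKey")):
            continue
        key = (row["Process Name"], int(row["PID"]))
        reads[key] += 1
        images[key] = row["Image Path"]
    return [(name, pid, n) for (name, pid), n in reads.items()
            if n >= min_reads and not images[(name, pid)].lower().startswith(TRUSTED_PREFIXES)]


if __name__ == "__main__":
    print(find_c2_hits(parse_conn_log(CONN_LOG)))
    print(matches_report(b"not the real sample"))
    print(suspicious_uninstall_enum(REG_EVENTS))
```

On the constructed data the C2 sweep returns the 25690 connection as a high-confidence hit and the 443 connection to the same address as a medium one, the hash check fails for anything that is not the sample, and only the Temp-resident process is reported for the Uninstall enumeration while msiexec.exe is dropped. The Uninstall-key rule is deliberately weak on its own; pair it with the C2 or hash indicators before raising an alert.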

MITRE ATT&CK Matrix (tactic columns): Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation