3b96bb0a140911e8d7b7015d951ec502d59c5cda1841804716ce966f20f9ec2a

General

Target: 3b96bb0a140911e8d7b7015d951ec502d59c5cda1841804716ce966f20f9ec2a
Size: 631KB
Sample: 211021-yshalsafg2
Score: 10/10
MD5: a16b069c7727d11ee51a0b833b7b73aa
SHA1: d0b5bcff593641e324aa0229a823b22df9f6febd
SHA256: 3b96bb0a140911e8d7b7015d951ec502d59c5cda1841804716ce966f20f9ec2a
SHA512: 8f009c4f91cd8cfca4946da413bf9b4a738966a1b68570de5c16bc8adb50f37db4a2892e815b60b8a3f0eeb4e3dafabbaacec87b27d601a8cfdd4c9787ec4a66

Malware Config

Extracted

Family: redline
Botnet: mix22.10
C2: 185.215.113.15:21508

Signatures

  • RedLine
    Description: RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine Payload

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials and similar data.
    TTPs: Data from Local System; Credentials in Files

  • Accesses cryptocurrency files/wallets, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files

  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
    TTPs: Query Registry

  • Legitimate hosting services abused for malware hosting/C2
    TTPs: Web Service
