0bd4dae28b60c106ca2bf9da5e0e55a0

General
Target

0bd4dae28b60c106ca2bf9da5e0e55a0

Size

383KB

Sample

211022-s3lswscgaj

Score
10/10
MD5

0bd4dae28b60c106ca2bf9da5e0e55a0

SHA1

5a699e5c535e56028a901d3b34175db68c369d97

SHA256

1b67816993c0da768b996b377f214fcffe8e831e98bcae28ca1f87c8204ad358

SHA512

966b52eecf03f5eb9f24f6b7274cc96b5d5b099e7a99ca6a66b42c11498ff3ca0be01f515ebd4792f4ea62623fe1754376d86c91206f02ad26861b4bf73113a3

Malware Config

Extracted

Family redline
Botnet jjfuck
C2

135.181.129.119:4805

Signatures

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine Payload

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials and other profile data.

    TTPs

    Data from Local System
    Credentials in Files
  • Accesses cryptocurrency files/wallets, possible credential harvesting

    TTPs

    Data from Local System
    Credentials in Files
  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    TTPs

    Query Registry
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactic columns shown in the report: Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation