General

  • Target

    c803a9d0546cf02bfcdb3cecd14c168f0a483df8f6dc3d52e2769f81f104c722

  • Size

    692KB

  • Sample

    211122-23hwnshacj

  • MD5

    ec8458f0550a2989e1dbbd7f068984f3

  • SHA1

    4880b92f184ab7ab2a1697e69bd00c173108a0b8

  • SHA256

    c803a9d0546cf02bfcdb3cecd14c168f0a483df8f6dc3d52e2769f81f104c722

  • SHA512

    03e6acd4a725c764ac1e4d637ceb8e3f67c6c33ca71d25ed4c8050c5bed8e16d78021e6812d4f4f3565f66fa88f1b157ca0c462b5aaced15a84712099bf8b512

Malware Config

Extracted

  • Family

    redline

  • Botnet

    test1

  • C2

    65.108.4.86:21391

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique               Count  ID
  Credential Access  Credentials in Files    2      T1081
  Discovery          Query Registry          1      T1012
  Collection         Data from Local System  2      T1005

Tasks