a2b6c4286d9de9cded676840936ce2446a5244d5e415613404eae6430efc8c58

General
Target

a2b6c4286d9de9cded676840936ce2446a5244d5e415613404eae6430efc8c58

Size

404KB

Sample

211125-t1t7xsfgdn

Score

10/10
MD5

22881f3c6d61c70b25ff28654b6961e5

SHA1

90d344108bb0ba41e068080443a4bd42c25bdf54

SHA256

a2b6c4286d9de9cded676840936ce2446a5244d5e415613404eae6430efc8c58

SHA512

aa57847eb66727fd72fd66ed5cfbeb46e14bdf1c03a17ed9fa9137d864de0aadd80036ef1d806e81b714ccfe0661d9e1831e3c4355b85ecf9523fedc6bf9d889

Malware Config

Extracted

Family redline
Botnet udptest
C2

193.56.146.64:65441
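The extracted config gives one hard indicator (the C2 socket) and the hash set above gives file indicators. The block below is an added example, not part of the sandbox report: it validates the copied digests, turns the C2 into a Suricata rule, and checks a file against the report's hashes. The rule text, the sid and the sample bytes are constructed for illustration; only the hash and C2 values are taken from the report.

```python
"""Turn the indicators in this RedLine report into checkable artifacts.

Added example, not part of the sandbox report. The hash and C2 values are
copied from the report; the Suricata rule layout, sid and the sample bytes
used in the file check are constructed (assumptions, not report content).
"""
import hashlib
import ipaddress
import re

# Indicators copied from the report.
IOCS = {
    "md5": "22881f3c6d61c70b25ff28654b6961e5",
    "sha1": "90d344108bb0ba41e068080443a4bd42c25bdf54",
    "sha256": "a2b6c4286d9de9cded676840936ce2446a5244d5e415613404eae6430efc8c58",
    "sha512": "aa57847eb66727fd72fd66ed5cfbeb46e14bdf1c03a17ed9fa9137d864de0aad"
              "d80036ef1d806e81b714ccfe0661d9e1831e3c4355b85ecf9523fedc6bf9d889",
}
C2 = "193.56.146.64:65441"

# Expected hex length of each digest; catches truncation or a stray character.
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_hashes(iocs):
    """Return the algorithms whose digest is not lowercase hex of the right length."""
    bad = []
    for alg, digest in iocs.items():
        n = HEX_LEN.get(alg)
        if n is None or not re.fullmatch(r"[0-9a-f]{%d}" % n, digest):
            bad.append(alg)
    return bad


def parse_c2(c2):
    """Split 'ip:port' and reject anything that is not a valid address/port."""
    host, _, port = c2.rpartition(":")
    ip = ipaddress.ip_address(host)          # raises ValueError on junk
    port = int(port)
    if not 0 < port < 65536:
        raise ValueError("port out of range: %d" % port)
    return str(ip), port


def file_digests(data):
    """Compute every digest the report lists for a blob of file content."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in HEX_LEN}


def matches_sample(data, iocs=IOCS):
    """Return the algorithms under which `data` hashes to the report's value.

    An exact-hash match only catches this specific file; a repacked build of the
    same stealer will not match, so treat an empty result as 'not this file',
    never as 'clean'.
    """
    digests = file_digests(data)
    return sorted(alg for alg in iocs if digests[alg] == iocs[alg])


def suricata_rule(c2, sid=9000001):
    """Build a Suricata rule for outbound traffic to the extracted C2 socket."""
    ip, port = parse_c2(c2)
    return (
        f'alert tcp $HOME_NET any -> {ip} {port} '
        f'(msg:"RedLine C2 (botnet udptest) outbound"; flow:to_server; '
        f'reference:md5,{IOCS["md5"]}; classtype:trojan-activity; '
        f'sid:{sid}; rev:1;)'
    )


if __name__ == "__main__":
    # Constructed sample bytes: not the malware, so no digest should match.
    print("damaged digests:", validate_hashes(IOCS))
    print("matches:", matches_sample(b"constructed bytes, not the sample"))
    print(suricata_rule(C2))
```

The rule keys on destination IP and port because that is all the config exposes; RedLine C2 addresses churn quickly, so pair it with the hashes and the host behaviour below rather than relying on the network indicator alone.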

Signatures

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine Payload

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, such as saved credentials, cookies and other profile contents.

    TTPs

    Data from Local System (T1005)
    Credentials in Files (T1081)

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    TTPs

    Data from Local System (T1005)
    Credentials in Files (T1081)

  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry (HKLM/HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate software on the system.

    TTPs

    Query Registry (T1012)
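The three behavioural signatures above (browser profile reads, wallet access, Uninstall key enumeration) translate directly into host-telemetry rules. The block below is an added example, not the sandbox's own detection logic: it classifies file and registry access events against those three behaviours and flags a process only when a non-browser process touches credential or wallet stores, since a browser reading its own profile and an installer enumerating the Uninstall key are both normal. The event records, field names, browser/wallet paths and process names are constructed for illustration.

```python
"""Classify host telemetry against the three RedLine behaviours in the report.

Added example, not from the report or the sandbox. The event records below
are constructed to resemble file/registry access telemetry; the field names,
store paths and process names are assumptions for illustration.
"""
import re
from collections import defaultdict

# Chromium-style profile stores ("User Data\<profile>\Login Data") and
# Firefox stores ("Profiles\<profile>\logins.json", key4.db, cookies.sqlite).
BROWSER_STORES = re.compile(
    r"\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data)$"
    r"|\\Profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite)$",
    re.IGNORECASE,
)
# Wallet application directories under the user's AppData (assumed list).
WALLET_DIRS = re.compile(
    r"\\(Exodus|Electrum|Ethereum|Atomic Wallet|Armory|Bitcoin)\\", re.IGNORECASE
)
# The Uninstall key named in the report, both hives and the WOW6432Node view.
UNINSTALL_KEY = re.compile(
    r"^HK(LM|CU)\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion"
    r"\\Uninstall(\\|$)",
    re.IGNORECASE,
)
# Browsers legitimately read their own stores; exclude them from the harvest check.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "opera.exe"}

SIG_BROWSER = "Reads user/profile data of web browsers"
SIG_WALLET = "Accesses cryptocurrency files/wallets"
SIG_UNINSTALL = "Checks installed software on the system"


def classify(event):
    """Return the report signature a single event matches, or None."""
    path, op = event["path"], event["op"]
    if op == "FileRead":
        if BROWSER_STORES.search(path):
            return SIG_BROWSER
        if WALLET_DIRS.search(path):
            return SIG_WALLET
    elif op == "RegQuery" and UNINSTALL_KEY.match(path):
        return SIG_UNINSTALL
    return None


def triage(events):
    """Group matches per process and decide which processes deserve a look.

    Uninstall-key enumeration alone is common in installers and inventory
    agents, so only credential/wallet access by a non-browser process flags.
    """
    per_proc = defaultdict(lambda: {"image": None, "signatures": set()})
    for ev in events:
        sig = classify(ev)
        if sig is None:
            continue
        entry = per_proc[ev["pid"]]
        entry["image"] = ev["image"]
        entry["signatures"].add(sig)

    results = {}
    for pid, entry in per_proc.items():
        image = entry["image"].rsplit("\\", 1)[-1].lower()
        harvests = {SIG_BROWSER, SIG_WALLET} & entry["signatures"]
        flagged = bool(harvests) and image not in BROWSER_IMAGES
        results[pid] = {
            "image": image,
            "signatures": sorted(entry["signatures"]),
            "flagged": flagged,
        }
    return results


# Constructed telemetry: one stealer-like process, one browser, one installer.
SAMPLE_EVENTS = [
    {"pid": 4120, "image": r"C:\Users\bob\AppData\Local\Temp\build.exe", "op": "FileRead",
     "path": r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4120, "image": r"C:\Users\bob\AppData\Local\Temp\build.exe", "op": "FileRead",
     "path": r"C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\x1y2.default-release\logins.json"},
    {"pid": 4120, "image": r"C:\Users\bob\AppData\Local\Temp\build.exe", "op": "FileRead",
     "path": r"C:\Users\bob\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"pid": 4120, "image": r"C:\Users\bob\AppData\Local\Temp\build.exe", "op": "RegQuery",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"},
    {"pid": 2200, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "op": "FileRead",
     "path": r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 3300, "image": r"C:\Windows\System32\msiexec.exe", "op": "RegQuery",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
]

if __name__ == "__main__":
    for pid, info in triage(SAMPLE_EVENTS).items():
        print(pid, info["image"], "FLAG" if info["flagged"] else "ok", info["signatures"])
```

In real telemetry the process image path and parent chain matter as much as the target path: a stealer dropped to a user-writable Temp directory reading three different credential stores within seconds is the pattern worth alerting on, whereas any one of these events in isolation is noisy.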

MITRE ATT&CK Matrix

Tactic columns: Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation