General

  • Target

    f1b59fa3cdf98bbe1008b0cd7bbff7be4d374e89ab484f81e4345e4f091e5749

  • Size

    405KB

  • Sample

    211125-t7tvqsfgfm

  • MD5

    7c357e9c547247438791b26e75d615fd

  • SHA1

    bac795f6f99e01b90cc3d58e6f2d57a958fbb0df

  • SHA256

    f1b59fa3cdf98bbe1008b0cd7bbff7be4d374e89ab484f81e4345e4f091e5749

  • SHA512

    c8c52406f387b72efbf67a787917695400cb5ad3f762b9ddcc3b21defd01268a1d98a60405c6e2de9c2451453f8f0877f938f487b91eb50e502da0012e05b898

Malware Config

Extracted

Family

redline

Botnet

Pubdate

C2

193.56.146.64:65441
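
The extracted configuration above gives a single network indicator (the C2 host and port) and the General section gives the file hashes. The following is an added example, not part of the sandbox report, showing how a responder would turn those two kinds of indicator into offline checks: digest comparison for a suspect file, a scan of connection logs for the exact host:port pair, and a Suricata rule string. The firewall-style log format and the log lines are constructed for the example; only the hashes and the C2 endpoint come from the page.

```python
"""Offline IOC checks built from the indicators in the report above.

Added example, not part of the sandbox report. The log format and log
lines below are constructed; the hashes and the C2 endpoint are the
values the report lists.
"""
import hashlib
import re
from typing import Dict, List

# File digests reported for the sample (MD5/SHA1/SHA256 from the report).
SAMPLE_HASHES: Dict[str, str] = {
    "md5": "7c357e9c547247438791b26e75d615fd",
    "sha1": "bac795f6f99e01b90cc3d58e6f2d57a958fbb0df",
    "sha256": "f1b59fa3cdf98bbe1008b0cd7bbff7be4d374e89ab484f81e4345e4f091e5749",
}

# RedLine C2 endpoint extracted by the sandbox.
C2_HOST = "193.56.146.64"
C2_PORT = 65441


def digest(data: bytes) -> Dict[str, str]:
    """Compute the digests the report lists, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_sample(data: bytes) -> bool:
    """True only if every digest agrees; one mismatch means a different file."""
    return digest(data) == SAMPLE_HASHES


# Hypothetical firewall log format assumed for this example:
#   <ts> src=<ip>:<port> dst=<ip>:<port> proto=<tcp|udp> action=<allow|deny>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+):(?P<sport>\d+) "
    r"dst=(?P<dst>[\d.]+):(?P<dport>\d+) proto=(?P<proto>\w+) action=(?P<action>\w+)$"
)


def find_c2_connections(lines: List[str]) -> List[Dict[str, str]]:
    """Return parsed records whose destination is exactly the C2 host and port.

    Host and port are matched together: 65441 alone is just a high port,
    and the host alone may carry unrelated traffic once the C2 is gone.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m is None:
            continue  # unparseable line; a real pipeline would count these
        rec = m.groupdict()
        if rec["dst"] == C2_HOST and int(rec["dport"]) == C2_PORT:
            hits.append(rec)
    return hits


def suricata_rule(sid: int = 1000001) -> str:
    """Emit a Suricata rule for outbound traffic to the C2 host:port pair."""
    return (
        f"alert tcp $HOME_NET any -> {C2_HOST} {C2_PORT} "
        f'(msg:"RedLine C2 {C2_HOST}:{C2_PORT}"; flow:to_server; '
        f"sid:{sid}; rev:1;)"
    )


# Constructed log lines for a stand-alone run (not taken from the report).
SAMPLE_LOG = [
    "2021-01-01T00:00:01Z src=10.0.0.5:51234 dst=193.56.146.64:65441 proto=tcp action=allow",
    "2021-01-01T00:00:02Z src=10.0.0.5:51235 dst=203.0.113.10:443 proto=tcp action=allow",
    "2021-01-01T00:00:03Z src=10.0.0.9:51236 dst=193.56.146.64:80 proto=tcp action=deny",
    "malformed line that the parser should skip",
]

if __name__ == "__main__":
    for rec in find_c2_connections(SAMPLE_LOG):
        print(f"C2 contact from {rec['src']} at {rec['ts']} ({rec['action']})")
    print(suricata_rule())
```

Only the first constructed line is reported as a hit: the third line reaches the same host on port 80 and is deliberately not matched, which is the trade-off of pairing host and port. If the infrastructure is known to be dedicated to this campaign, drop the port check and accept the wider net.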

Targets

    • Target

      f1b59fa3cdf98bbe1008b0cd7bbff7be4d374e89ab484f81e4345e4f091e5749

    • Size

      405KB

    • MD5

      7c357e9c547247438791b26e75d615fd

    • SHA1

      bac795f6f99e01b90cc3d58e6f2d57a958fbb0df

    • SHA256

      f1b59fa3cdf98bbe1008b0cd7bbff7be4d374e89ab484f81e4345e4f091e5749

    • SHA512

      c8c52406f387b72efbf67a787917695400cb5ad3f762b9ddcc3b21defd01268a1d98a60405c6e2de9c2451453f8f0877f938f487b91eb50e502da0012e05b898

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate installed software. The standard locations for these entries are HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (plus its Wow6432Node view on 64-bit Windows) and the per-user HKCU equivalent; the report does not say which of these the sample reads.

MITRE ATT&CK Matrix

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Discovery

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Persistence

  • Privilege Escalation