5a37a0332332c9ef29adf89a0e995ae7579176d2cfde32530cfd3c15b61b05f9

General
Target

5a37a0332332c9ef29adf89a0e995ae7579176d2cfde32530cfd3c15b61b05f9

Size

405KB

Sample

211125-txqqbsbba8

Score

10/10
MD5

b27d3308eb264be92d970536e9765239

SHA1

15166fb201ee69e92346e8a47317b988fbefccce

SHA256

5a37a0332332c9ef29adf89a0e995ae7579176d2cfde32530cfd3c15b61b05f9

SHA512

231f3c82a06ca26b6e9b5562e09e625fbdf03faaba16eacabe58fe655ce7d623708656c3342fcf326229ca028bbe36e29f80f5945002d98d46139cbb5260f9e2

Malware Config

Extracted

Family redline
Botnet NoName
C2

185.215.113.29:26828

Targets
Target

5a37a0332332c9ef29adf89a0e995ae7579176d2cfde32530cfd3c15b61b05f9
Signatures

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine Payload

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser profile data, which can include saved credentials, cookies and autofill data.

    TTPs

    Data from Local System (T1005)
    Credentials in Files (T1552.001)
  • Accesses cryptocurrency files/wallets, possible credential harvesting

    TTPs

    Data from Local System (T1005)
    Credentials in Files (T1552.001)
  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    TTPs

    Query Registry (T1012)
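The following is an added example, not part of the sandbox report and not the sandbox's own detection code. It shows how the three behavioural signatures above and the extracted C2 endpoint could be checked against a small set of host events. The C2 address and port are the ones extracted in Malware Config; the event field names, process IDs, browser and wallet path fragments, and the sample events themselves are constructed for illustration and are assumptions.

```python
from collections import defaultdict

# C2 endpoint taken from the report's Malware Config section.
C2 = ("185.215.113.29", 26828)

# Illustrative lower-cased path fragments (assumption, not a list from the report).
BROWSER_MARKERS = ("\\login data", "\\web data", "\\cookies", "\\logins.json")
WALLET_MARKERS = ("\\wallet.dat", "\\exodus\\", "\\electrum\\", "\\ethereum\\keystore")
# Registry key whose subkeys enumerate installed software (matches WOW6432Node too).
UNINSTALL_KEY = "\\microsoft\\windows\\currentversion\\uninstall"

# Signature name -> ATT&CK technique IDs, as listed under Signatures in the report.
TTPS = {
    "reads_browser_profile_data": ("T1005", "T1552.001"),
    "accesses_crypto_wallets": ("T1005", "T1552.001"),
    "checks_installed_software": ("T1012",),
    "redline_c2_connection": (),  # config-extraction IOC, no TTP listed on the page
}


def match_event(ev):
    """Return the set of signature names that a single event triggers.

    ev is a dict with a "kind" of "network", "registry" or "file" (assumed schema).
    """
    hits = set()
    kind = ev.get("kind")
    if kind == "network":
        if (ev.get("dst_ip"), ev.get("dst_port")) == C2:
            hits.add("redline_c2_connection")
    elif kind == "registry":
        if UNINSTALL_KEY in ev.get("key", "").lower():
            hits.add("checks_installed_software")
    elif kind == "file":
        path = ev.get("path", "").lower()
        if any(m in path for m in BROWSER_MARKERS):
            hits.add("reads_browser_profile_data")
        if any(m in path for m in WALLET_MARKERS):
            hits.add("accesses_crypto_wallets")
    return hits


def score_processes(events):
    """Group events by pid and return {pid: {"signatures": [...], "ttps": [...]}}.

    Processes that trigger no signature are omitted from the result.
    """
    per_pid = defaultdict(set)
    for ev in events:
        per_pid[ev["pid"]] |= match_event(ev)
    report = {}
    for pid, sigs in per_pid.items():
        if not sigs:
            continue
        ttps = sorted({t for s in sigs for t in TTPS[s]})
        report[pid] = {"signatures": sorted(sigs), "ttps": ttps}
    return report


# Constructed sample events (assumption): pid 4120 behaves like the sample,
# pid 880 is a benign process touching unrelated files and a normal HTTPS host.
SAMPLE_EVENTS = [
    {"pid": 4120, "kind": "registry",
     "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"},
    {"pid": 4120, "kind": "file",
     "path": "C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"},
    {"pid": 4120, "kind": "file",
     "path": "C:\\Users\\victim\\AppData\\Roaming\\Exodus\\exodus.wallet\\seed.seco"},
    {"pid": 4120, "kind": "network", "dst_ip": "185.215.113.29", "dst_port": 26828},
    {"pid": 880, "kind": "file", "path": "C:\\Windows\\System32\\drivers\\etc\\hosts"},
    {"pid": 880, "kind": "network", "dst_ip": "142.250.74.78", "dst_port": 443},
]


if __name__ == "__main__":
    for pid, info in score_processes(SAMPLE_EVENTS).items():
        print(pid, info["signatures"], info["ttps"])
```

Only the combination of the four behaviours in one process is interesting; each on its own (an installer reading the Uninstall key, a browser opening its own Login Data) is routine, so a real detection would weight the C2 match highest and treat the rest as corroboration.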

MITRE ATT&CK Matrix

Tactic columns shown in the report (techniques are those listed under Signatures):

  • Command and Control
  • Credential Access: Credentials in Files (T1552.001)
  • Defense Evasion
  • Discovery: Query Registry (T1012)
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation