7cbdb5778dc7c2c9377eb8a03e6063d966e90d442ad0e8b65eaa33f5e8d54a9c

General

Target: 7cbdb5778dc7c2c9377eb8a03e6063d966e90d442ad0e8b65eaa33f5e8d54a9c
Size: 405KB
Sample: 211125-vcrbssbbg2
Score: 10/10
MD5: 826fce77343a479518b652f51f06d884
SHA1: a3ace9b820802826b80c71bf9a6cef234f18a555
SHA256: 7cbdb5778dc7c2c9377eb8a03e6063d966e90d442ad0e8b65eaa33f5e8d54a9c
SHA512: 8cd3fbc1b015b0b504cc6dda0f98c7de8994ccdad3566d9ae14fa78795bdb6f97cf882609cc445a14ab0b5daceeb3844ef9fc3eeaab75bfff154402dc99e4870

Malware Config

Extracted

Family: redline
Botnet: RUZKI
C2: 185.215.113.29:26828

Targets

Target: 7cbdb5778dc7c2c9377eb8a03e6063d966e90d442ad0e8b65eaa33f5e8d54a9c
MD5: 826fce77343a479518b652f51f06d884
Filesize: 405KB
Score: 10/10
SHA1: a3ace9b820802826b80c71bf9a6cef234f18a555
SHA256: 7cbdb5778dc7c2c9377eb8a03e6063d966e90d442ad0e8b65eaa33f5e8d54a9c
SHA512: 8cd3fbc1b015b0b504cc6dda0f98c7de8994ccdad3566d9ae14fa78795bdb6f97cf882609cc445a14ab0b5daceeb3844ef9fc3eeaab75bfff154402dc99e4870
Tags

Signatures

  • RedLine
    Description: RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine Payload

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials etc.
    TTPs: Data from Local System; Credentials in Files

  • Accesses cryptocurrency files/wallets, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files

  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
    TTPs: Query Registry

MITRE ATT&CK Matrix

Tactics: Command and Control; Credential Access; Defense Evasion; Discovery; Execution; Exfiltration; Impact; Initial Access; Lateral Movement; Persistence; Privilege Escalation