General

  • Target

    36fb9d552c8a8fb1eb24b9d661f8621d3c914f601d35a7a49bc6f6232e704685

  • Size

    284KB

  • Sample

    211126-fxxxraaehp

  • MD5

    7d6e46e259df165181d514ba4c392d47

  • SHA1

    96008f61456ded1d83be5db294ca47fb5bcbcbe6

  • SHA256

    36fb9d552c8a8fb1eb24b9d661f8621d3c914f601d35a7a49bc6f6232e704685

  • SHA512

    82bd6fb0a26c66ade42a06ff4b99cb1b1ec5101262fa045c90f459a29337a36860976350f5631a524b320ea721fb746dcd3accc81832f67f234fc0f05e75659b

Malware Config

Extracted

  • Family

    redline

  • Botnet

    udptest

  • C2

    193.56.146.64:65441

Targets

    • Target

      36fb9d552c8a8fb1eb24b9d661f8621d3c914f601d35a7a49bc6f6232e704685

    • Size

      284KB

    • MD5

      7d6e46e259df165181d514ba4c392d47

    • SHA1

      96008f61456ded1d83be5db294ca47fb5bcbcbe6

    • SHA256

      36fb9d552c8a8fb1eb24b9d661f8621d3c914f601d35a7a49bc6f6232e704685

    • SHA512

      82bd6fb0a26c66ade42a06ff4b99cb1b1ec5101262fa045c90f459a29337a36860976350f5631a524b320ea721fb746dcd3accc81832f67f234fc0f05e75659b

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                 Count   ID
  Credential Access   Credentials in Files      2       T1081
  Discovery           Query Registry            1       T1012
  Collection          Data from Local System    2       T1005

Tasks