General

  • Target

    12cd48721582c41c4526698e45f1c756a62b242b98257ca9a52ceeca77c0f098

  • Size

    286KB

  • Sample

    211126-qmba4sfgh2

  • MD5

    4fc57b39e998d8c1b035bc8c90a25e73

  • SHA1

    bd1e6da2a61085c7e61e57182edcc5263a1cb760

  • SHA256

    12cd48721582c41c4526698e45f1c756a62b242b98257ca9a52ceeca77c0f098

  • SHA512

    79ffe56ab858d8e6f6cd084e0000b7296e3bf63b9707c523a7fc07e1447278ae018f4c65ec2473428825b6258939b651d89a8166fa1d34fadd1d557af6ae04cb

Malware Config

Extracted

Family

redline

Botnet

Updbdate

C2

193.56.146.64:65441

Targets

    • Target

      12cd48721582c41c4526698e45f1c756a62b242b98257ca9a52ceeca77c0f098

    • Size

      286KB

    • MD5

      4fc57b39e998d8c1b035bc8c90a25e73

    • SHA1

      bd1e6da2a61085c7e61e57182edcc5263a1cb760

    • SHA256

      12cd48721582c41c4526698e45f1c756a62b242b98257ca9a52ceeca77c0f098

    • SHA512

      79ffe56ab858d8e6f6cd084e0000b7296e3bf63b9707c523a7fc07e1447278ae018f4c65ec2473428825b6258939b651d89a8166fa1d34fadd1d557af6ae04cb

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Tasks