General

  • Target

    a6c12c4432045648c9bc6c7d020a53edd17d3d636b87ce374586983ffdda6c47

  • Size

    296KB

  • Sample

    211126-w8mh6ahcb2

  • MD5

    5471d59e6bf7836a3094337d3142c05a

  • SHA1

    b0c59bef098933ea1817bf196bbb8c097b8b33f2

  • SHA256

    a6c12c4432045648c9bc6c7d020a53edd17d3d636b87ce374586983ffdda6c47

  • SHA512

    f4e9eb60e46c9a50b8eb614c804960d602b7bbc277539b8d360ce759886a1d17d265d5331868714e30f2a016586905f514ab1f3387cf0aeea8fb7d3bb78c50c5

Malware Config

Extracted

Family

redline

Botnet

udptest

C2

193.56.146.64:65441

Targets

    • Target

      a6c12c4432045648c9bc6c7d020a53edd17d3d636b87ce374586983ffdda6c47

    • Size

      296KB

    • MD5

      5471d59e6bf7836a3094337d3142c05a

    • SHA1

      b0c59bef098933ea1817bf196bbb8c097b8b33f2

    • SHA256

      a6c12c4432045648c9bc6c7d020a53edd17d3d636b87ce374586983ffdda6c47

    • SHA512

      f4e9eb60e46c9a50b8eb614c804960d602b7bbc277539b8d360ce759886a1d17d265d5331868714e30f2a016586905f514ab1f3387cf0aeea8fb7d3bb78c50c5

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Tasks