General

  • Target

    df9830be403604eee36ae55caad7daa2ebc58b9e351d7306efc8bf5e8fb16e32

  • Size

    296KB

  • Sample

    211127-acantsahc6

  • MD5

    0f0af80ab5f8cfb3e88f7cffda98240f

  • SHA1

    78625c05c055571cea13c82871a3dc7660ca825e

  • SHA256

    df9830be403604eee36ae55caad7daa2ebc58b9e351d7306efc8bf5e8fb16e32

  • SHA512

    85dbfe7ffa3e909b937f6fb432230467bf2057c1b821789b890b1ca8514c65e7f38457251158095beec0fe2d2c61a79561d8bd6adb70bf4a17260de47764cf4a

Malware Config

Extracted

Family

redline

Botnet

Updbdate

C2

193.56.146.64:65441
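The C2 address above and the file hashes in the General section are the indicators a responder would lift from this report. The block below is an added example, not part of the sandbox report or of any tool it references: it builds a small matcher from those indicators and runs it over constructed firewall log lines (the log format, internal hosts and timestamps are made up for illustration). The port is matched together with the IP, since the address alone may be shared hosting.

```python
"""Added example: turn the indicators in this RedLine report (C2 address,
sample hashes) into a matcher and run it over constructed log lines.
Not part of the sandbox report; LOGS and the hosts in it are made up."""
import hashlib
import re
from typing import Dict, List

# Indicators copied from the report.
C2_IP, C2_PORT = "193.56.146.64", 65441
SAMPLE_HASHES = {
    "md5": "0f0af80ab5f8cfb3e88f7cffda98240f",
    "sha1": "78625c05c055571cea13c82871a3dc7660ca825e",
    "sha256": "df9830be403604eee36ae55caad7daa2ebc58b9e351d7306efc8bf5e8fb16e32",
    "sha512": "85dbfe7ffa3e909b937f6fb432230467bf2057c1b821789b890b1ca8514c65e7f"
              "38457251158095beec0fe2d2c61a79561d8bd6adb70bf4a17260de47764cf4a",
}

# Constructed sample lines (hypothetical firewall and Zeek-style formats).
LOGS = [
    "2021-11-27T10:01:02Z DENY src=10.0.0.12:51022 dst=193.56.146.64:65441 proto=tcp",
    "2021-11-27T10:01:05Z ALLOW src=10.0.0.12:51023 dst=193.56.146.64:443 proto=tcp",
    "2021-11-27T10:01:07Z ALLOW src=10.0.0.13:51024 dst=193.56.146.6:65441 proto=tcp",
    "2021-11-27T10:02:00Z conn 10.0.0.12 51030 193.56.146.64 65441 tcp",
]

# "ip:port" or "ip port" pairs anywhere in a line.
_CONN_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})[:\s](\d{1,5})")


def find_c2_connections(lines: List[str]) -> List[int]:
    """Return 1-based line numbers whose endpoints include the C2 IP *and* port.

    Matching only the IP would also flag 193.56.146.64:443 (line 2), which
    the report does not attribute to RedLine; matching only the port would
    flag the near-miss 193.56.146.6 (line 3).
    """
    hits = []
    for n, line in enumerate(lines, 1):
        for ip, port in _CONN_RE.findall(line):
            if ip == C2_IP and int(port) == C2_PORT:
                hits.append(n)
                break
    return hits


def digests(data: bytes) -> Dict[str, str]:
    """Compute the four digests the report lists, for a file's bytes."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every digest of data equals the report's value for it."""
    return all(d == SAMPLE_HASHES[alg] for alg, d in digests(data).items())


if __name__ == "__main__":
    print("C2 hits on lines:", find_c2_connections(LOGS))
    print("constructed bytes are the sample:", matches_report(b"not the sample"))
```

Run it against real Zeek conn.log or firewall exports by replacing LOGS with the file's lines; any hit on 193.56.146.64:65441 is worth a host-level look for the browser and wallet access this report describes.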

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic              Technique                 ID      Count
Credential Access   Credentials in Files      T1081   2
Discovery           Query Registry            T1012   1
Collection          Data from Local System    T1005   2

Tasks