General

  • Target

    52cb37d91906ed1cd97be339ee5e885bd63989898d5518db5e66f5124a698460

  • Size

    423KB

  • Sample

    211201-qyc9vacedr

  • MD5

    3d93e2c61b25516ee8997b61b2fe63a0

  • SHA1

    95aa403192be4f765be06861c1997a59a73bb40f

  • SHA256

    52cb37d91906ed1cd97be339ee5e885bd63989898d5518db5e66f5124a698460

  • SHA512

    0e9213992e23c87d452a94ef2d7239a4b3301d7a2841dd47774afed7f1a8db6ac886c1de2ae5b7fdd31c8257c65172bfde2be1c8f5a543d8659e2cdc294206d9

Malware Config

Extracted

Family

redline

Botnet

mix 01.12

C2

95.143.179.152:42556
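The extracted configuration above gives a C2 endpoint, and the General section gives the sample's hashes; together they are the indicators an analyst would sweep for first. The following Python is an added example, not part of the sandbox report, showing how those indicators are matched against connection logs and a file inventory. The log format and every record in it are constructed for illustration; only the IP, port and hashes come from the report. Two edge cases are handled deliberately: a connection to the C2 host on a different port is still flagged for review (same infrastructure), and a blocked (DENY) connection is still a hit, because the source host attempted to beacon.

```python
"""IOC sweep for the RedLine sample in this report (added example)."""
from __future__ import annotations

import re
from typing import Iterable, Optional, Tuple

# Indicators taken from the report above.
C2_HOST = "95.143.179.152"
C2_PORT = 42556
SAMPLE_HASHES = {
    "md5": "3d93e2c61b25516ee8997b61b2fe63a0",
    "sha1": "95aa403192be4f765be06861c1997a59a73bb40f",
    "sha256": "52cb37d91906ed1cd97be339ee5e885bd63989898d5518db5e66f5124a698460",
    "sha512": "0e9213992e23c87d452a94ef2d7239a4b3301d7a2841dd47774afed7f1a8db6a"
              "c886c1de2ae5b7fdd31c8257c65172bfde2be1c8f5a543d8659e2cdc294206d9",
}
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Constructed connection-log lines in a hypothetical "ts src -> dst:port action" format.
CONN_LOG = """\
2021-12-01T10:02:11Z 10.0.0.15 -> 95.143.179.152:42556 ALLOW
2021-12-01T10:02:13Z 10.0.0.15 -> 95.143.179.152:443 ALLOW
2021-12-01T10:03:40Z 10.0.0.22 -> 93.184.216.34:443 ALLOW
2021-12-01T10:04:02Z 10.0.0.15 -> 95.143.179.152:42556 DENY
"""

# Constructed file inventory: (host, path, digest). Digest case varies on purpose.
FILE_INVENTORY = [
    ("WS-015", r"C:\Users\alice\Downloads\setup.exe",
     "52CB37D91906ED1CD97BE339EE5E885BD63989898D5518DB5E66F5124A698460"),
    ("WS-022", r"C:\Windows\System32\notepad.exe",
     "0123456789abcdef0123456789abcdef"),
    ("WS-030", r"C:\Temp\a.bin", "3d93e2c61b25516ee8997b61b2fe63a0"),
]

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+->\s+(?P<dst>[\d.]+):(?P<port>\d+)\s+(?P<action>\w+)$"
)


def match_c2(lines: Iterable[str]) -> list:
    """Return one hit per connection to the C2 host, regardless of firewall verdict."""
    hits = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m or m["dst"] != C2_HOST:
            continue
        port = int(m["port"])
        # Exact host:port is the configured C2; any other port on the same host
        # is still suspicious and worth a look, so it is flagged separately.
        kind = "c2_exact" if port == C2_PORT else "c2_host_other_port"
        hits.append({"ts": m["ts"], "src": m["src"], "port": port,
                     "action": m["action"], "match": kind})
    return hits


def normalise_hash(value: str) -> Optional[Tuple[str, str]]:
    """Lower-case a hex digest and infer its algorithm from its length."""
    v = value.strip().lower()
    if not re.fullmatch(r"[0-9a-f]+", v):
        return None
    for algo, n in HEX_LEN.items():
        if len(v) == n:
            return algo, v
    return None


def match_hashes(inventory: Iterable[Tuple[str, str, str]]) -> list:
    """Return inventory entries whose digest equals the sample's digest for that algorithm."""
    hits = []
    for host, path, digest in inventory:
        norm = normalise_hash(digest)
        if norm is None:
            continue
        algo, v = norm
        if SAMPLE_HASHES.get(algo) == v:
            hits.append({"host": host, "path": path, "algo": algo})
    return hits


if __name__ == "__main__":
    for hit in match_c2(CONN_LOG.splitlines()):
        print("C2 :", hit)
    for hit in match_hashes(FILE_INVENTORY):
        print("HASH:", hit)
```

Against the constructed data, workstation 10.0.0.15 produces three C2 hits (two exact, one to the same host on 443), including the denied attempt, and two inventory entries match the sample by SHA256 and MD5 respectively. The port-only variant is a deliberate generalisation beyond the report: RedLine configs carry a single host:port, but the same server can serve other ports, so host-level matches are reported rather than discarded.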

Targets

    • Target

      52cb37d91906ed1cd97be339ee5e885bd63989898d5518db5e66f5124a698460

    • Size

      423KB

    • MD5

      3d93e2c61b25516ee8997b61b2fe63a0

    • SHA1

      95aa403192be4f765be06861c1997a59a73bb40f

    • SHA256

      52cb37d91906ed1cd97be339ee5e885bd63989898d5518db5e66f5124a698460

    • SHA512

      0e9213992e23c87d452a94ef2d7239a4b3301d7a2841dd47774afed7f1a8db6ac886c1de2ae5b7fdd31c8257c65172bfde2be1c8f5a543d8659e2cdc294206d9

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers target stored browser data, which includes saved credentials, cookies and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                 ID      Hits
  Credential Access   Credentials in Files      T1081   2
  Discovery           Query Registry            T1012   1
  Collection          Data from Local System    T1005   2

  Note: the IDs follow ATT&CK v6. T1081 was later deprecated and is covered by T1552.001 (Unsecured Credentials: Credentials In Files) in current ATT&CK versions.
