General

  • Target

    de4524eb13c0f483b7a146772451aa59.exe

  • Size

    408KB

  • Sample

    220119-lbxmragfa7

  • MD5

    de4524eb13c0f483b7a146772451aa59

  • SHA1

    42160f73bfeab52bdd12c16cab0de7917dae5c4b

  • SHA256

    4ae6d0ed8c778b00a22f29cd6e90e0a8cde3f6518d8c564c3cdaeba392343c14

  • SHA512

    ffe0243d7f8445ffa972a3a1dbc6a5464c1ec0b5c6d2a324ae6a3f7f636f9063bc98f57b96868035e5bb01ca48146f4998aa324104232dd53b8207167a8e115c

Malware Config

Extracted

Family

redline

Botnet

Testing

C2

185.215.113.10:39759

Targets

    • Target

      de4524eb13c0f483b7a146772451aa59.exe

    • Size

      408KB

    • MD5

      de4524eb13c0f483b7a146772451aa59

    • SHA1

      42160f73bfeab52bdd12c16cab0de7917dae5c4b

    • SHA256

      4ae6d0ed8c778b00a22f29cd6e90e0a8cde3f6518d8c564c3cdaeba392343c14

    • SHA512

      ffe0243d7f8445ffa972a3a1dbc6a5464c1ec0b5c6d2a324ae6a3f7f636f9063bc98f57b96868035e5bb01ca48146f4998aa324104232dd53b8207167a8e115c

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix

Command and Control

    Credential Access

    Defense Evasion

      Discovery

      Execution

        Exfiltration

          Impact

            Initial Access

              Lateral Movement

                Persistence

                  Privilege Escalation

                    Tasks