General

  • Target

    0776abd73dc7f6d644d266d8dac46607bc8551c7e10bf0d9567dfd508f762314

  • Size

    376KB

  • Sample

    220122-ct89tshcb7

  • MD5

    b6fc44b9026f2172854a9f69e19dc208

  • SHA1

    4b1412ae4e009a3c756980385639ded7587d248c

  • SHA256

    0776abd73dc7f6d644d266d8dac46607bc8551c7e10bf0d9567dfd508f762314

  • SHA512

    5e3628b49b92a62fe0464754a9c2c6009b047908e97655f132658b6893b08c1c5c06409757be73a7571292f17541cc506279a4d8d33699e64693e90d347aab6d

Malware Config (Extracted)

  • Family

    redline

  • Botnet

    NONAME

  • C2

    45.9.20.111:1355

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files, T1081 (1)

  • Discovery

    Query Registry, T1012 (1)

  • Collection

    Data from Local System, T1005 (1)