General

  • Target

    ec7070d76f47a2c3c1ca45a347677af44d2d9b35bb910cc001c64286135a9334

  • Size

    378KB

  • Sample

    220122-thephscbfn

  • MD5

    f417d2605c17c41a75a399aa3c5a2bd0

  • SHA1

    9f7438479414caae8395f6dec654471693a4ad3a

  • SHA256

    ec7070d76f47a2c3c1ca45a347677af44d2d9b35bb910cc001c64286135a9334

  • SHA512

    d4730dcdea79ebd5a23e51e98b9798fcd57f30a2a33b8239f45800c492c61abc923c2e7046981e57da6eb3f93e6cfa88c9b84a961907f748a6d9e0fb991b756a

Malware Config

Extracted

Family

redline

Botnet

NONAME

C2

45.9.20.111:1355

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique               Count  ID
  Credential Access   Credentials in Files    1      T1081
  Discovery           Query Registry          1      T1012
  Collection          Data from Local System  1      T1005

Tasks