General

  • Target

    cdd83fac47585fb7c0b6d354b68797b7979eced3f0f1305e5553829b2362077a

  • Size

    388KB

  • Sample

    220123-shn3hsgbe2

  • MD5

    28604a102c036c2368ff23252427f237

  • SHA1

    9f2f19173c8ad1562da8a0262f563eaf50b097f5

  • SHA256

    cdd83fac47585fb7c0b6d354b68797b7979eced3f0f1305e5553829b2362077a

  • SHA512

    aab2c4c9d7af988ea7c0fe986d34899b85c45f947c3ddf437d1bb25c47292c895fd66a288fba17a333d7bbcbd6fbf36115d99c42643451e01c6814487b5828de

Malware Config

Extracted

Family

redline

Botnet

NONAME

C2

45.9.20.111:1355

Targets

    • Target

      cdd83fac47585fb7c0b6d354b68797b7979eced3f0f1305e5553829b2362077a

    • Size

      388KB

    • MD5

      28604a102c036c2368ff23252427f237

    • SHA1

      9f2f19173c8ad1562da8a0262f563eaf50b097f5

    • SHA256

      cdd83fac47585fb7c0b6d354b68797b7979eced3f0f1305e5553829b2362077a

    • SHA512

      aab2c4c9d7af988ea7c0fe986d34899b85c45f947c3ddf437d1bb25c47292c895fd66a288fba17a333d7bbcbd6fbf36115d99c42643451e01c6814487b5828de

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

1
T1005

Tasks