General

  • Target

    880052859453b31ebe34e316456e7a8974f508aa5fa8e20b7ae7dc6ff06e5dbb

  • Size

    391KB

  • Sample

    220124-allsfsgegp

  • MD5

    099cea11e0ac7a6194ce8c173a159d8d

  • SHA1

    8bbab3d70dbd961285f3ff9b48b13cf1b1997b9f

  • SHA256

    880052859453b31ebe34e316456e7a8974f508aa5fa8e20b7ae7dc6ff06e5dbb

  • SHA512

    3a6c59f8aaf1b4de3e00e3353e575de7830e8df445a35e0678bd529553c699a17c7bb1dcd925bdaf3a2a843a6e8b819783b61e6dc33473c7e7e0670c7454d263

Malware Config

  Extracted

  • Family

    redline

  • Botnet

    NONAME

  • C2

    45.9.20.111:1355

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers routinely target the browser's stored profile data, which can include saved credentials, cookies and session tokens, and autofill entries.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
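As an added example (not part of the Triage report, and not RedLine's own code), the following Python turns the indicators above into two checks a responder can run offline: verifying a file against all four reported digests, and scanning connection logs for the extracted C2 with host and port matched together. The log line shape, the process names, and the sample log itself are constructed assumptions.

```python
"""Triage helper for the RedLine sample above: verify a file against the
reported hashes and scan connection logs for the extracted C2.

Added example, not Triage's own tooling; the log format is an assumption."""
import hashlib
import re
from typing import Dict, Iterable, List

# Indicators copied from the report (General / Malware Config sections).
REPORTED_HASHES: Dict[str, str] = {
    "md5": "099cea11e0ac7a6194ce8c173a159d8d",
    "sha1": "8bbab3d70dbd961285f3ff9b48b13cf1b1997b9f",
    "sha256": "880052859453b31ebe34e316456e7a8974f508aa5fa8e20b7ae7dc6ff06e5dbb",
    "sha512": "3a6c59f8aaf1b4de3e00e3353e575de7830e8df445a35e0678bd529553c699a1"
              "7c7bb1dcd925bdaf3a2a843a6e8b819783b61e6dc33473c7e7e0670c7454d263",
}
C2_HOST = "45.9.20.111"
C2_PORT = 1355


def compute_hashes(data: bytes) -> Dict[str, str]:
    """Digest the file contents with every algorithm the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORTED_HASHES}


def hash_mismatches(data: bytes) -> List[str]:
    """Return the algorithms whose digest differs from the report.

    An empty list means the file is byte-for-byte the analysed sample.
    Any non-empty list means it is a different file: one matching digest
    (for example MD5 alone) is not enough to claim identity.
    """
    computed = compute_hashes(data)
    return [algo for algo, expected in REPORTED_HASHES.items()
            if computed[algo] != expected.lower()]


# Assumed log shape: "<ts> <process> src=<ip>:<port> dst=<ip>:<port>" (constructed).
CONN_RE = re.compile(r"\bdst=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d{1,5})\b")


def c2_hits(log_lines: Iterable[str]) -> List[str]:
    """Return the log lines whose destination is exactly the extracted C2.

    The port is part of the indicator: the same host on another port is
    left out, as is another host on 1355, because 45.9.20.111 may serve
    other traffic and the port alone is not distinctive.
    """
    hits = []
    for line in log_lines:
        m = CONN_RE.search(line)
        if m and m.group("ip") == C2_HOST and int(m.group("port")) == C2_PORT:
            hits.append(line)
    return hits


# Constructed sample log, not output of the sandbox run above.
SAMPLE_LOG = [
    "2022-01-24T10:01:03Z svchost.exe src=10.0.0.5:49152 dst=20.190.160.1:443",
    "2022-01-24T10:01:07Z sample.exe src=10.0.0.5:49170 dst=45.9.20.111:1355",
    "2022-01-24T10:01:09Z sample.exe src=10.0.0.5:49171 dst=45.9.20.111:80",
    "2022-01-24T10:01:12Z chrome.exe src=10.0.0.5:49172 dst=93.184.216.34:1355",
    "2022-01-24T10:02:41Z sample.exe src=10.0.0.5:49180 dst=45.9.20.111:1355",
]


if __name__ == "__main__":
    # Replace the placeholder bytes with the contents of the file under investigation.
    print("mismatched digests:", hash_mismatches(b"placeholder, not the sample"))
    for hit in c2_hits(SAMPLE_LOG):
        print("C2 contact:", hit)
```

Feed `hash_mismatches` the raw bytes of a suspect file; only an empty result identifies it as this sample. On the constructed log, `c2_hits` returns the two lines to 45.9.20.111:1355 and ignores the same host on port 80 and the unrelated host on port 1355.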

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081), 1 signature

  • Discovery

    Query Registry (T1012), 1 signature

  • Collection

    Data from Local System (T1005), 1 signature

  The IDs are ATT&CK v6 identifiers; T1081 was later folded into T1552.001 (Unsecured Credentials: Credentials In Files), so map it accordingly when correlating with current ATT&CK data.
