General

  • Target

    217fb6cf79c59798a432b0dbb1b2f287.exe

  • Size

    389KB

  • Sample

    220124-gx86fsddgj

  • MD5

    217fb6cf79c59798a432b0dbb1b2f287

  • SHA1

    bfb545ce4e6383638195764002256f02c8d2a9e3

  • SHA256

    5b3c59db7560ddf92f3480b42f7114dbd0d32d64364487b85f1cbb4156c5d9d8

  • SHA512

    80a8c147628b053a3a2251e0ac8a99e02d6ed80ddbd4a7357ddfa43430e2e8c28e055d7033cd08c49212fce3f3efebf0496765f017453fbdbcc23eab8f2f50a1

Malware Config

Extracted

Family

redline

Botnet

NONAME

C2

45.9.20.111:1355

Targets

    • Target

      217fb6cf79c59798a432b0dbb1b2f287.exe

    • Size

      389KB

    • MD5

      217fb6cf79c59798a432b0dbb1b2f287

    • SHA1

      bfb545ce4e6383638195764002256f02c8d2a9e3

    • SHA256

      5b3c59db7560ddf92f3480b42f7114dbd0d32d64364487b85f1cbb4156c5d9d8

    • SHA512

      80a8c147628b053a3a2251e0ac8a99e02d6ed80ddbd4a7357ddfa43430e2e8c28e055d7033cd08c49212fce3f3efebf0496765f017453fbdbcc23eab8f2f50a1

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

1
T1005

Tasks