General

  • Target

    68900761d23c77b005b89feb89876c85

  • Size

    515KB

  • Sample

    220126-xftx7shcc2

  • MD5

    68900761d23c77b005b89feb89876c85

  • SHA1

    2d9a95cfe66fd559424957eed4ac797271a87144

  • SHA256

    782f3607d63d38bd59a78ae9f219ef092850f29c3da05c019594b44f53ac84ac

  • SHA512

    1ff6772b27c34d5550ef6d11b69beb4ab99dd17ad1600286248cd3dd9dec3469bf5d39d80252a60965ddfb76a75f7d9d72b73f5460d2b8ffe9a8739d1b34c571

Malware Config

Targets

    • Target

      68900761d23c77b005b89feb89876c85

    • Size

      515KB

    • MD5

      68900761d23c77b005b89feb89876c85

    • SHA1

      2d9a95cfe66fd559424957eed4ac797271a87144

    • SHA256

      782f3607d63d38bd59a78ae9f219ef092850f29c3da05c019594b44f53ac84ac

    • SHA512

      1ff6772b27c34d5550ef6d11b69beb4ab99dd17ad1600286248cd3dd9dec3469bf5d39d80252a60965ddfb76a75f7d9d72b73f5460d2b8ffe9a8739d1b34c571

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks