ea0c8c8f4ae1cb9a60f8fe532d9effa61a8fcec8ca0ca8b231fa73f2d5408c3c

General
Target

ea0c8c8f4ae1cb9a60f8fe532d9effa61a8fcec8ca0ca8b231fa73f2d5408c3c

Size

380KB

Sample

220127-k1y2faacdq

Score
10 /10
MD5

3490d8c4ddf715b103e851fff227c3eb

SHA1

6e456f5f062801c8a4130a94c21e2126b12fe033

SHA256

ea0c8c8f4ae1cb9a60f8fe532d9effa61a8fcec8ca0ca8b231fa73f2d5408c3c

SHA512

fa9421f9dc37773c8f0dc1592a6db4eee1b85d931c7aaf84e98a3c68f9ba76e84bdd394758ba1654d076b5bd9b84ff203ddbafdfe6c60eb14e370adc26fd64f6

Malware Config

Extracted

Family redline
Botnet noname
C2

185.215.113.29:20819
Targets
Target

ea0c8c8f4ae1cb9a60f8fe532d9effa61a8fcec8ca0ca8b231fa73f2d5408c3c

MD5

3490d8c4ddf715b103e851fff227c3eb

Filesize

380KB

Score
10/10
SHA1

6e456f5f062801c8a4130a94c21e2126b12fe033

SHA256

ea0c8c8f4ae1cb9a60f8fe532d9effa61a8fcec8ca0ca8b231fa73f2d5408c3c

SHA512

fa9421f9dc37773c8f0dc1592a6db4eee1b85d931c7aaf84e98a3c68f9ba76e84bdd394758ba1654d076b5bd9b84ff203ddbafdfe6c60eb14e370adc26fd64f6

Tags

Signatures

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    Tags

  • RedLine Payload

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files

  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry

Related Tasks

behavioral1
MITRE ATT&CK Matrix
Collection
Command and Control
    Credential Access
    Defense Evasion
      Discovery
      Execution
        Exfiltration
          Impact
            Initial Access
              Lateral Movement
                Persistence
                  Privilege Escalation
                    Tasks