b27a5ca0a0933895ea686376353fbe6981b8b1af825e3b887f4ca4544d6d6c91

General
Target

b27a5ca0a0933895ea686376353fbe6981b8b1af825e3b887f4ca4544d6d6c91

Size

346KB

Sample

220127-k41dnsaef3

Score
10 /10
MD5

f81083e9f58ce4916e696520ea4f6254

SHA1

a1d687bb752af5421309e86d56983a237b0768a5

SHA256

b27a5ca0a0933895ea686376353fbe6981b8b1af825e3b887f4ca4544d6d6c91

SHA512

2824c759ec73d4f49a579014ecd1fac14957a1806c54118045f4fcd81757ff10fa1fd02068313ec1c657c091a45800faecf6b8738e76ca46bd63b6a26feb5cc7

Malware Config

Extracted

Family redline
C2

212.192.246.94:58230

Targets
Target

b27a5ca0a0933895ea686376353fbe6981b8b1af825e3b887f4ca4544d6d6c91

MD5

f81083e9f58ce4916e696520ea4f6254

Filesize

346KB

Score
10/10
SHA1

a1d687bb752af5421309e86d56983a237b0768a5

SHA256

b27a5ca0a0933895ea686376353fbe6981b8b1af825e3b887f4ca4544d6d6c91

SHA512

2824c759ec73d4f49a579014ecd1fac14957a1806c54118045f4fcd81757ff10fa1fd02068313ec1c657c091a45800faecf6b8738e76ca46bd63b6a26feb5cc7

Tags

Signatures

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    Tags

  • RedLine Payload

  • Downloads MZ/PE file

  • Executes dropped EXE

  • UPX packed file

    Description

    Detects executables packed with UPX/modified UPX open source packer.

    Tags

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files
  • Accesses cryptocurrency files/wallets, possible credential harvesting

    Tags

    TTPs

    Data from Local SystemCredentials in Files
  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry
  • Drops file in System32 directory

  • Suspicious use of NtSetInformationThreadHideFromDebugger

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
      Execution
        Exfiltration
          Impact
            Initial Access
              Lateral Movement
                Persistence
                Privilege Escalation
                  Tasks