General

  • Target

    41373fac6bd0f23dbdbc2fe9b4acfb70d7aa48dba80e8.exe

  • Size

    1.0MB

  • Sample

    220127-vfqjnsgff6

  • MD5

    1a1cdef957a125bb0f1b01b019fe3950

  • SHA1

    a2043ccef00cb14eb67a6d92c04aa1b1e1648f50

  • SHA256

    41373fac6bd0f23dbdbc2fe9b4acfb70d7aa48dba80e8dccc74c4427ee48d7fd

  • SHA512

    d0a76f1a690957386f5a649d01bd994b41020a6707c225514eda0d83615bf03329c6a14fc3dc810be41019e3c9ebb3dcc4b4695aa75b8062e05ea0464c91a22b

Malware Config

Extracted

Family

redline

Botnet

test

C2

canalarleliv.xyz:40800

Targets

    • Target

      41373fac6bd0f23dbdbc2fe9b4acfb70d7aa48dba80e8.exe

    • Size

      1.0MB

    • MD5

      1a1cdef957a125bb0f1b01b019fe3950

    • SHA1

      a2043ccef00cb14eb67a6d92c04aa1b1e1648f50

    • SHA256

      41373fac6bd0f23dbdbc2fe9b4acfb70d7aa48dba80e8dccc74c4427ee48d7fd

    • SHA512

      d0a76f1a690957386f5a649d01bd994b41020a6707c225514eda0d83615bf03329c6a14fc3dc810be41019e3c9ebb3dcc4b4695aa75b8062e05ea0464c91a22b

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Tasks