General

  • Target

    3080065bc74021479f4e7bbf93223503dcfb6c58111684d8be82ba32594bcb1e

  • Size

    462KB

  • Sample

    220128-qypb4seac8

  • MD5

    9ad884151890c55fcb2b55746be3fe25

  • SHA1

    1b4fe468946b615516d75abc96ae4a4c6a9eed80

  • SHA256

    3080065bc74021479f4e7bbf93223503dcfb6c58111684d8be82ba32594bcb1e

  • SHA512

    f7e40fffa0173e60849fae188885cd1f417445ca7e9dd6f9bff951f91dc3dac036f7cced0d789e42f356b012bf00e2883a69fa6b43868432ba0abff407639e1f

Malware Config

  • Extracted

    Family: redline
    Botnet: noname
    C2: 185.215.113.29:20819

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 1

  • Discovery

    Query Registry (T1012): 1

  • Collection

    Data from Local System (T1005): 1