e38da1a6a034605a041b29e5d3f75744.exe

General

Target: e38da1a6a034605a041b29e5d3f75744.exe
Size: 104KB
Sample: 220129-sbmacaccgq
Score: 10/10
MD5: e38da1a6a034605a041b29e5d3f75744
SHA1: 97426ad80cd875a604e5a0a3b70c05ea5d575d13
SHA256: 9a8387a3ae0ddcb6ef51add1fed84b4068b5ab97af08d1f590d87d162a5d8bd5
SHA512: 19f360bdbf985a4e5020ad6ec67549c78807226f8e70366328a57fcf64acd522e3e7f62b7472710fe61b44de8b5512b013ba9d7bfb050544482fd78a0bb87258

Malware Config

Extracted

Family: redline
Botnet: 1
C2: 23.226.132.6:9597
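The following is an added example, not part of the sandbox report, showing how to turn the indicators above into checks: it computes all four digests for a file and compares them with the reported values, and it scans a connection log for traffic to the extracted C2 endpoint. The hashes and the C2 host:port are the ones the report lists; the log format, the log lines and the internal host addresses are constructed for the example.

```python
"""Check file digests and connection logs against the indicators reported above.

Added example, not part of the sandbox report. Hashes and C2 endpoint are
from the report; CONN_LOG and its internal addresses are constructed.
"""
import hashlib
import re
from typing import Optional

# Digests reported for the sample (see the General section).
SAMPLE_HASHES = {
    "md5": "e38da1a6a034605a041b29e5d3f75744",
    "sha1": "97426ad80cd875a604e5a0a3b70c05ea5d575d13",
    "sha256": "9a8387a3ae0ddcb6ef51add1fed84b4068b5ab97af08d1f590d87d162a5d8bd5",
    "sha512": "19f360bdbf985a4e5020ad6ec67549c78807226f8e70366328a57fcf64acd522"
              "e3e7f62b7472710fe61b44de8b5512b013ba9d7bfb050544482fd78a0bb87258",
}
# C2 endpoint from the extracted RedLine config.
C2_HOST, C2_PORT = "23.226.132.6", 9597


def digest_bytes(data: bytes) -> dict:
    """Compute every digest in SAMPLE_HASHES for an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all four hash functions in a single pass."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matching_algorithms(digests: dict) -> set:
    """Return the names of the algorithms whose digest equals the report's.

    Keys and values are compared case-insensitively. Treat an MD5-only match
    as weak evidence: MD5 collisions are practical, so rely on SHA-256.
    """
    normalised = {k.lower(): v.lower() for k, v in digests.items()}
    return {name for name, value in SAMPLE_HASHES.items()
            if normalised.get(name) == value}


# Constructed connection log: "<timestamp> <proto> <src>:<sport> -> <dst>:<dport>".
CONN_LOG = """\
2022-01-29T18:02:41Z tcp 10.0.0.12:51410 -> 198.51.100.20:443
2022-01-29T18:03:11Z tcp 10.0.0.12:51422 -> 23.226.132.6:9597
2022-01-29T18:03:12Z udp 10.0.0.12:53371 -> 10.0.0.1:53
2022-01-29T18:07:55Z tcp 10.0.0.17:49812 -> 23.226.132.6:9597
2022-01-29T18:09:02Z tcp 10.0.0.17:49820 -> 23.226.132.6:443
"""
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<proto>\w+) (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)$")


def find_c2_connections(log_text: str, host: str = C2_HOST,
                        port: Optional[int] = C2_PORT) -> list:
    """Return (timestamp, source host) for each connection to the C2.

    By default host and port are matched together, because the port alone is
    too common to be an indicator. Pass port=None to flag any traffic to the
    C2 address, which is the stricter hunt when the IP is known-bad.
    """
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m["dst"] == host and (port is None or int(m["dport"]) == port):
            hits.append((m["ts"], m["src"]))
    return hits


if __name__ == "__main__":
    for ts, src in find_c2_connections(CONN_LOG):
        print(f"{ts} {src} contacted RedLine C2 {C2_HOST}:{C2_PORT}")
```

Two caveats when using these indicators: RedLine operators rotate C2 addresses, so an IP indicator should be time-bounded to the period around the sample's submission rather than kept indefinitely, and a hash only catches this exact build, so the behavioural signatures below are the more durable detection.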

Targets

Target: e38da1a6a034605a041b29e5d3f75744.exe (104KB, score 10/10; MD5, SHA1, SHA256 and SHA512 as listed under General above)

Signatures

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine Payload

  • Reads user/profile data of web browsers

    Description

    Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and autofill entries.

    TTPs

    Data from Local System (T1005); Credentials in Files (T1552.001)

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    TTPs

    Data from Local System (T1005); Credentials in Files (T1552.001)

  • Checks installed software on the system

    Description

    Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, plus the WOW6432Node counterpart on 64-bit Windows) to enumerate installed software.

    TTPs

    Query Registry (T1012)
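The three behavioural signatures above (browser credential stores, wallet files, Uninstall key enumeration) are what survive a rebuild of the binary, so they are worth a detection of their own. The block below is an added example, not the sandbox's own scoring: it aggregates per-process file and registry read telemetry and scores processes on how many of those behaviours they exhibit. The telemetry records are constructed, the path patterns are representative rather than exhaustive, and the weights and threshold are assumptions of the example. Note that Sysmon does not log file or registry reads; this kind of data comes from an EDR or from Windows object-access auditing (event 4663) with SACLs on the paths of interest.

```python
"""Score process telemetry for the infostealer behaviours the signatures flag.

Added example, not the sandbox's detection logic. SAMPLE_EVENTS is
constructed telemetry; weights, threshold and path lists are assumptions.
"""
import re
from collections import defaultdict

# Browser credential stores (Chromium: Login Data/Web Data/Cookies under the
# profile; Firefox: logins.json + key4.db in the profile directory).
BROWSER_CRED_STORES = {
    "chrome": re.compile(r"\\Google\\Chrome\\User Data\\.*\\(Login Data|Web Data|Cookies)$", re.I),
    "edge": re.compile(r"\\Microsoft\\Edge\\User Data\\.*\\(Login Data|Web Data|Cookies)$", re.I),
    "firefox": re.compile(r"\\Mozilla\\Firefox\\Profiles\\.*\\(logins\.json|key4\.db|cookies\.sqlite)$", re.I),
}
BROWSER_IMAGE = {"chrome": "chrome.exe", "edge": "msedge.exe", "firefox": "firefox.exe"}
# Common desktop wallet locations under %APPDATA% (representative list).
WALLET_PATHS = re.compile(r"\\(Electrum\\wallets\\|Exodus\\|Bitcoin\\wallet\.dat$|Ethereum\\keystore\\)", re.I)
# The Uninstall key the "Checks installed software" signature refers to.
UNINSTALL_KEY = re.compile(r"\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)


def classify(event: dict):
    """Map one telemetry record to (behaviour, detail), or None if uninteresting."""
    target = event["target"]
    if event["op"] == "file_read":
        for browser, pattern in BROWSER_CRED_STORES.items():
            if pattern.search(target):
                return ("browser_creds", browser)
        if WALLET_PATHS.search(target):
            return ("wallet", target)
    elif event["op"] == "reg_read" and UNINSTALL_KEY.search(target):
        return ("uninstall_enum", target)
    return None


def score_processes(events: list) -> dict:
    """Aggregate behaviours per pid and score them.

    A browser reading its own profile scores nothing. Any other process
    scores 1 per browser store read, 2 per wallet (capped at 4) and 1 for
    enumerating the Uninstall key.
    """
    per_proc = defaultdict(lambda: {"image": "", "browsers": set(), "wallets": set(), "uninstall_enum": False})
    for ev in events:
        tag = classify(ev)
        if tag is None:
            continue
        rec = per_proc[ev["pid"]]
        rec["image"] = ev["image"]
        kind, detail = tag
        if kind == "browser_creds":
            rec["browsers"].add(detail)
        elif kind == "wallet":
            rec["wallets"].add(detail)
        else:
            rec["uninstall_enum"] = True
    results = {}
    for pid, rec in per_proc.items():
        image_name = rec["image"].rsplit("\\", 1)[-1].lower()
        foreign = {b for b in rec["browsers"] if BROWSER_IMAGE[b] != image_name}
        score = len(foreign) + min(2 * len(rec["wallets"]), 4) + int(rec["uninstall_enum"])
        results[pid] = {"image": image_name, "foreign_browsers": sorted(foreign),
                        "wallets": len(rec["wallets"]), "uninstall_enum": rec["uninstall_enum"],
                        "score": score}
    return results


def alerts(events: list, threshold: int = 3) -> list:
    """Return pids whose score reaches the threshold, highest score first."""
    scored = score_processes(events)
    return sorted((pid for pid, r in scored.items() if r["score"] >= threshold),
                  key=lambda pid: -scored[pid]["score"])


# Constructed telemetry: one stealer process, one browser, one installer.
STEALER = r"C:\Users\alice\Downloads\e38da1a6a034605a041b29e5d3f75744.exe"
SAMPLE_EVENTS = [
    {"pid": 4120, "image": STEALER, "op": "file_read",
     "target": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4120, "image": STEALER, "op": "file_read",
     "target": r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\k2x7q1yz.default-release\logins.json"},
    {"pid": 4120, "image": STEALER, "op": "file_read",
     "target": r"C:\Users\alice\AppData\Roaming\Electrum\wallets\default_wallet"},
    {"pid": 4120, "image": STEALER, "op": "reg_read",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"pid": 4120, "image": STEALER, "op": "file_read", "target": r"C:\Windows\System32\kernel32.dll"},
    {"pid": 1200, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe", "op": "file_read",
     "target": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 3000, "image": r"C:\Windows\System32\msiexec.exe", "op": "reg_read",
     "target": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"},
]

if __name__ == "__main__":
    for pid in alerts(SAMPLE_EVENTS):
        print(pid, score_processes(SAMPLE_EVENTS)[pid])
```

The own-browser exemption matters in practice: chrome.exe reading Login Data is constant background noise, while a freshly downloaded executable reading Chrome and Firefox stores, a wallet and the Uninstall key in one run is the profile the signatures above describe. Tune the weights and threshold against your own baseline before alerting on them.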

MITRE ATT&CK Matrix

Tactic columns: Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation