General

  • Target

    c258d63c328a2eb6490b84c2b5586b2d47f8a24a821f6e935b4eab86ed3a6430

  • Size

    326KB

  • Sample

    220211-f17alachak

  • MD5

    58218197c467ef27caa007d927a36d3e

  • SHA1

    95b51f43da1fcf051586fb00d9a4d2a2cfb30413

  • SHA256

    c258d63c328a2eb6490b84c2b5586b2d47f8a24a821f6e935b4eab86ed3a6430

  • SHA512

    344961aab2b3534a6734b24123404f86d52913a8bda4700087e7ab2b2f3c7513a75b745171e1c29817d16f6c689dd05a2bfe3d7b57370f7fa17dfbaf434a9148

Malware Config

Extracted

  • Family

    redline

  • Botnet

    noname

  • C2

    185.215.113.29:20819

  • Attributes

    auth_value: ee92d883673b7156fdd66cac5fc8d2d0

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 1

  • Discovery

    Query Registry (T1012): 1

  • Collection

    Data from Local System (T1005): 1

Tasks