General

  • Target

    44666bbe25cb7c1d7f32d024d3892f6e589fa2e176e5e7961b3d48080a8c6a19

  • Size

    451KB

  • Sample

    220211-wy1m2aefbm

  • MD5

    7fabf75b1df6607e9c948b57df4a1e0c

  • SHA1

    71fcf8bad0cb0413bb07b66dfec74c388904a118

  • SHA256

    44666bbe25cb7c1d7f32d024d3892f6e589fa2e176e5e7961b3d48080a8c6a19

  • SHA512

    22d400e7046388c5eb0282a71a9162127e225a09aa87094d87c2d4afa8eb5894d5aea53d4f9676127864a10f04973a8272a5cc255e2cd09f27c3a575f7455f92

Malware Config

Extracted

Family

redline

Botnet

noname

C2

185.215.113.29:20819

Attributes
  • auth_value

    ee92d883673b7156fdd66cac5fc8d2d0

Targets

    • Target

      44666bbe25cb7c1d7f32d024d3892f6e589fa2e176e5e7961b3d48080a8c6a19

    • Size

      451KB

    • MD5

      7fabf75b1df6607e9c948b57df4a1e0c

    • SHA1

      71fcf8bad0cb0413bb07b66dfec74c388904a118

    • SHA256

      44666bbe25cb7c1d7f32d024d3892f6e589fa2e176e5e7961b3d48080a8c6a19

    • SHA512

      22d400e7046388c5eb0282a71a9162127e225a09aa87094d87c2d4afa8eb5894d5aea53d4f9676127864a10f04973a8272a5cc255e2cd09f27c3a575f7455f92

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

1
T1005

Tasks