5bbe661cfc9bc2bc87e247ed77e8842405a8c668f6185a6bfcc1344ff871f065

General
Target

5bbe661cfc9bc2bc87e247ed77e8842405a8c668f6185a6bfcc1344ff871f065

Size

1MB

Sample

220308-vdrc7ahcc3

Score

10/10
MD5

785d2a137e07c46e7ea165de0f16cb51

SHA1

975258bbb7889f0ebabf1ef518cc673a56c6ab05

SHA256

5bbe661cfc9bc2bc87e247ed77e8842405a8c668f6185a6bfcc1344ff871f065

SHA512

e7745cea21bb4c94db27dfe5e095bf59ea41a3e47294f0e9aa6a841d9525a868ef6d5a09a929ac01c5ebc8908a6fdb4fdeb4653e63ecdf024d0f83f33b69455d

Malware Config

Extracted

Family redline
Botnet 1
C2

193.106.191.115:22844

Attributes
auth_value
03a75a697cd88e0f34b1f6c08b8bbba9
Targets
Target

5bbe661cfc9bc2bc87e247ed77e8842405a8c668f6185a6bfcc1344ff871f065

Signatures

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine Payload

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    TTPs

    Data from Local System
    Credentials in Files

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    TTPs

    Data from Local System
    Credentials in Files

  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    TTPs

    Query Registry

  • Suspicious use of NtSetInformationThreadHideFromDebugger
