General

  • Target

    2d82e375212398a13c0f1af63384143534ceaeacfe0afd9f316bd7a497d7ac88

  • Size

    102KB

  • Sample

    220309-x2zqksecgn

  • MD5

    1597323acab489ee1798a38278a08b2f

  • SHA1

    a585e9913d39f48ed7dc1a294f69de5d9466fff2

  • SHA256

    2d82e375212398a13c0f1af63384143534ceaeacfe0afd9f316bd7a497d7ac88

  • SHA512

    a0f34b63fd39423b2bd3a8869e8a1216e9e4056b58686405e1d66c54661586b40df353e9ffc04fde0b6e6c180fd6fe33c4f7d46b2aae4c9932116a10e4ae92cb

Malware Config

Extracted

Family

redline

Botnet

1

C2

138.124.180.81:6482

Attributes
  • auth_value

    16a2d7f0fda0ec607bf6663d787829ef

Targets

    • Target

      2d82e375212398a13c0f1af63384143534ceaeacfe0afd9f316bd7a497d7ac88

    • Size

      102KB

    • MD5

      1597323acab489ee1798a38278a08b2f

    • SHA1

      a585e9913d39f48ed7dc1a294f69de5d9466fff2

    • SHA256

      2d82e375212398a13c0f1af63384143534ceaeacfe0afd9f316bd7a497d7ac88

    • SHA512

      a0f34b63fd39423b2bd3a8869e8a1216e9e4056b58686405e1d66c54661586b40df353e9ffc04fde0b6e6c180fd6fe33c4f7d46b2aae4c9932116a10e4ae92cb

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

1
T1005

Tasks