General

  • Target

    7217e6db8fe12938811c9eef6d2359f1e3a4d933badc8547765f99af092e8758

  • Size

    416KB

  • Sample

    220521-rdywgscgfk

  • MD5

    7892e0079e92e4e509d9d471187f6bd0

  • SHA1

    4a4e506806839a06433dc162b000f6ba6aca491d

  • SHA256

    7217e6db8fe12938811c9eef6d2359f1e3a4d933badc8547765f99af092e8758

  • SHA512

    21a5f642145a34cefb2e196489b16c4a30326ec7141fe8cb56b15fac0822ab13e5d452709087d8c7b6cf97c401cdbfc022c0845411cde3e25dd696ec5f5c2edd

Malware Config

Extracted

Family

redline

Botnet

RuzkiUNIKALNO

C2

193.233.48.58:38989

Attributes
  • auth_value

    c504b04cfbdd4bf85ce6195bcb37fba6

Targets

    • Target

      7217e6db8fe12938811c9eef6d2359f1e3a4d933badc8547765f99af092e8758

    • Size

      416KB

    • MD5

      7892e0079e92e4e509d9d471187f6bd0

    • SHA1

      4a4e506806839a06433dc162b000f6ba6aca491d

    • SHA256

      7217e6db8fe12938811c9eef6d2359f1e3a4d933badc8547765f99af092e8758

    • SHA512

      21a5f642145a34cefb2e196489b16c4a30326ec7141fe8cb56b15fac0822ab13e5d452709087d8c7b6cf97c401cdbfc022c0845411cde3e25dd696ec5f5c2edd

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine Payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Tasks