b83e9818917deeb8a68fd1edd49b051af26d06d15c6dea668313da96b7f99fe6

General
Target

b83e9818917deeb8a68fd1edd49b051af26d06d15c6dea668313da96b7f99fe6

Size

415KB

Sample

220521-t84rbsddhq

Score
10/10
MD5

5d1f6ce498f67560c2f1c4cc4f47614b

SHA1

a2f4a13950b5147511e1336d2b38cda3cc066ff6

SHA256

b83e9818917deeb8a68fd1edd49b051af26d06d15c6dea668313da96b7f99fe6

SHA512

1bbaabc18717fe13afd0ca9cbf7e704db7828dff27fe9c5e9411e599d88b696b352ccca9f423456f4f04612a9bbe9b502e6722d7f98eb66bfebae8ad07a6be31

Malware Config

Extracted

Family redline
Botnet RuzkiUNIKALNO
C2

193.233.48.58:38989

Attributes
auth_value
c504b04cfbdd4bf85ce6195bcb37fba6
Signatures

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine Payload

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    TTPs

    Data from Local System
    Credentials in Files
  • Accesses cryptocurrency files/wallets, possible credential harvesting

    TTPs

    Data from Local System
    Credentials in Files
  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    TTPs

    Query Registry

MITRE ATT&CK Matrix (tactic columns): Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation