General

  • Target

    bc08a66b7ffb858c35346ba6bb18b102827081e8032e884abdecedc0fd0d38f5

  • Size

    305KB

  • Sample

    220617-2fdy7sgba7

  • MD5

    af5ad1b7a6203bec529846f40d25777d

  • SHA1

    ac37f742458d9ed5337c3d4eddcfb7c32d83c853

  • SHA256

    bc08a66b7ffb858c35346ba6bb18b102827081e8032e884abdecedc0fd0d38f5

  • SHA512

    77428f7742501653210a832a978cab5ffb4ac8852c6f798c810909f85fb7344ff5a56b2c67840ef7ba6103389027485f800aa475e1926a04fc45389af729a908

Malware Config

Extracted

Family

redline

Botnet

META

C2

193.106.191.245:23196

Attributes

  • auth_value

    2ea67e19fe494687c77a179004b4a1c8
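The extracted configuration above is the part of this report a defender acts on: the C2 is a bare IP:port (RedLine talks to its panel over a raw TCP channel rather than HTTP), and the botnet name and auth_value let you cluster other samples that belong to the same operator. The following is an added example, not code from the sandbox or from the RedLine authors, showing how to turn those values into hunting logic: it validates the host:port string, scans constructed Zeek conn.log-style records (invented for the demo, not captured traffic) for sessions to the C2, matches file hashes against the sample's SHA256, and emits a Suricata rule. The function names, the record layout, the "medium" confidence given to same-host/other-port connections and the rule sid are all assumptions of this example.

```python
"""Hunt for the RedLine indicators extracted in this report.

Added example; not part of the sandbox report. The conn.log records
below are constructed for the demonstration, not real captured traffic.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from typing import Iterable

# Indicators copied from the report's "General" and "Malware Config" sections.
SAMPLE_SHA256 = "bc08a66b7ffb858c35346ba6bb18b102827081e8032e884abdecedc0fd0d38f5"
EXTRACTED_C2 = "193.106.191.245:23196"
BOTNET = "META"
AUTH_VALUE = "2ea67e19fe494687c77a179004b4a1c8"


@dataclass(frozen=True)
class RedlineIoc:
    c2_host: str
    c2_port: int
    botnet: str
    auth_value: str
    sha256: str


def parse_c2(value: str) -> tuple[str, int]:
    """Split an extracted 'host:port' string and validate both halves."""
    host, sep, port = value.rpartition(":")
    if not sep:
        raise ValueError(f"no port in C2 string: {value!r}")
    ipaddress.ip_address(host)  # raises ValueError if the host is not an IP literal
    port_num = int(port)
    if not 1 <= port_num <= 65535:
        raise ValueError(f"port out of range: {port_num}")
    return host, port_num


def build_ioc() -> RedlineIoc:
    host, port = parse_c2(EXTRACTED_C2)
    return RedlineIoc(host, port, BOTNET, AUTH_VALUE, SAMPLE_SHA256.lower())


# Constructed Zeek conn.log-style records (tab separated), one per line:
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
CONSTRUCTED_CONN_LOG = """\
1655500001.1\tCxa1\t10.0.0.15\t49712\t193.106.191.245\t23196\ttcp
1655500002.2\tCxa2\t10.0.0.15\t49713\t142.250.74.78\t443\ttcp
1655500003.3\tCxa3\t10.0.0.22\t51002\t193.106.191.245\t4444\ttcp
1655500004.4\tCxa4\t10.0.0.22\t51003\t193.106.191.245\t23196\ttcp
"""


def hunt_conn_log(ioc: RedlineIoc, lines: Iterable[str]) -> list[tuple[str, str, str]]:
    """Return (uid, orig_h, confidence) for every session to the C2 host.

    An exact host:port match is "high". A session to the same host on a
    different port is reported as "medium" so it still gets triaged; that
    RedLine panels get moved between ports on one server is an assumption
    of this example, not something the report states.
    """
    hits: list[tuple[str, str, str]] = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.rstrip("\n").split("\t")
        if len(fields) < 7:
            continue  # malformed record; skip rather than crash the hunt
        _ts, uid, orig_h, _orig_p, resp_h, resp_p, _proto = fields[:7]
        if resp_h != ioc.c2_host:
            continue
        confidence = "high" if int(resp_p) == ioc.c2_port else "medium"
        hits.append((uid, orig_h, confidence))
    return hits


def hunt_hashes(ioc: RedlineIoc, sha256_list: Iterable[str]) -> list[str]:
    """Return the entries of sha256_list that match the sample, case-insensitively."""
    return [h.strip() for h in sha256_list if h.strip().lower() == ioc.sha256]


def suricata_rule(ioc: RedlineIoc, sid: int) -> str:
    """Emit a Suricata alert for any established TCP session to the C2 host:port."""
    return (
        f"alert tcp $HOME_NET any -> {ioc.c2_host} {ioc.c2_port} "
        f'(msg:"RedLine Stealer C2 (botnet {ioc.botnet})"; '
        f"flow:to_server,established; "
        f"metadata:auth_value {ioc.auth_value}; "
        f"classtype:trojan-activity; sid:{sid}; rev:1;)"
    )


if __name__ == "__main__":
    ioc = build_ioc()
    for hit in hunt_conn_log(ioc, CONSTRUCTED_CONN_LOG.splitlines()):
        print(hit)
    print(suricata_rule(ioc, 9000001))
```

The hash check is deliberately the weakest indicator: RedLine builds are repacked per campaign, so the SHA256 only ever catches this exact file, whereas the C2 host and the auth_value survive across builds from the same operator.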

Targets

    • Target

      bc08a66b7ffb858c35346ba6bb18b102827081e8032e884abdecedc0fd0d38f5

    • Size

      305KB

    • MD5

      af5ad1b7a6203bec529846f40d25777d

    • SHA1

      ac37f742458d9ed5337c3d4eddcfb7c32d83c853

    • SHA256

      bc08a66b7ffb858c35346ba6bb18b102827081e8032e884abdecedc0fd0d38f5

    • SHA512

      77428f7742501653210a832a978cab5ffb4ac8852c6f798c810909f85fb7344ff5a56b2c67840ef7ba6103389027485f800aa475e1926a04fc45389af729a908

    • RedLine

      RedLine Stealer is a .NET information stealer written in C#, first seen in early 2020 and sold as malware-as-a-service. It collects browser, wallet and application data from the host and sends it to its panel over a raw TCP channel, which is why the extracted C2 above is a bare IP:port rather than a URL.

    • Reads user/profile data of web browsers

      The sample reads browser profile data. For Chromium- and Gecko-based browsers this is where saved logins, cookies, autofill entries and stored payment cards live, so this access is the first step of credential theft rather than benign enumeration.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates the subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and the WOW6432Node equivalent on 64-bit Windows) to build a list of installed software, which RedLine reports back to its panel as part of the victim profile.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                 Signatures  ID
  Credential Access  Credentials in Files      2           T1081
  Discovery          Query Registry            1           T1012
  Collection         Data from Local System    2           T1005

Note: the IDs follow ATT&CK v6. In later versions T1081 was retired and folded into T1552.001 (Unsecured Credentials: Credentials In Files); map accordingly if you correlate this report with current ATT&CK data.
