General

  • Target

    05745825ddc88f8c0032fee69868537e73a36924439ee591b9850b3a405a2ee6

  • Size

    306KB

  • Sample

    220618-gqxtvahfa2

  • MD5

    753b85917e8456e20bac69a229b17cae

  • SHA1

    a7d353d7b7a7bcb422935b7d03812b6f62c225ab

  • SHA256

    05745825ddc88f8c0032fee69868537e73a36924439ee591b9850b3a405a2ee6

  • SHA512

    c335e7607d1bd9aa5d25a8daa922c6191b34d3eb807f30a97efbc3916a4a818abbe5968dc9b95c7dff28fa20854d97aa2a11f98b6207caffb0d120bc6497398a

Malware Config

Extracted

  • Family

    redline

  • Botnet

    META

  • C2

    193.106.191.245:23196

  • Attributes

    auth_value: 2ea67e19fe494687c77a179004b4a1c8

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 2

  • Discovery

    Query Registry (T1012): 1

  • Collection

    Data from Local System (T1005): 2

Tasks