General

  • Target

    6e6c4215c2e2b395f41e7c3a9605e1af2e9b8814af3e4beda4e76eded3988d8a

  • Size

    3.9MB

  • Sample

    220628-k3l5naabf3

  • MD5

    7f83e72053c6fdfa5e9a9da2085222cc

  • SHA1

    56839deb07dfd04336df5a2b45fd83c9d8e294ff

  • SHA256

    6e6c4215c2e2b395f41e7c3a9605e1af2e9b8814af3e4beda4e76eded3988d8a

  • SHA512

    9dea0b95ea475b4d1ec8f34f42646b9f168ae7bc6871f6acb515eb551ef21d0efe73d9d1f0519dab9f99ac75fd02f05576c4c3210cedb2a1e144d3cdd9a678d6

Malware Config

  Extracted

  • Family

    redline

  • Botnet

    test1

  • C2

    135.181.156.128:10944

  • Attributes

    auth_value: 5e53df8b6dd563acc136377edcacc242
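The digests under General and the C2 endpoint in the extracted config are the indicators most readers take away from a report like this. The following Python is an added example, not part of the Triage output and not RedLine tooling: it streams a local file through the four listed hash functions in one pass, compares the result with the report, and hunts for the C2 host and port in plain-text log lines. The log lines embedded in the block are constructed for the demo, and their field layouts (fw1/proxy/zeek-style) are assumptions, not any product's real format.

```python
"""Indicator helpers for the sample above (added example, not from the report)."""
import hashlib
import re

# Digests copied from the General section of the report.
REPORT_HASHES = {
    "md5": "7f83e72053c6fdfa5e9a9da2085222cc",
    "sha1": "56839deb07dfd04336df5a2b45fd83c9d8e294ff",
    "sha256": "6e6c4215c2e2b395f41e7c3a9605e1af2e9b8814af3e4beda4e76eded3988d8a",
    "sha512": "9dea0b95ea475b4d1ec8f34f42646b9f168ae7bc6871f6acb515eb551ef21d0e"
              "fe73d9d1f0519dab9f99ac75fd02f05576c4c3210cedb2a1e144d3cdd9a678d6",
}
# C2 from the extracted RedLine config.
C2_HOST = "135.181.156.128"
C2_PORT = 10944

# Match the host only as a whole dotted quad (so 135.181.156.12 is not a hit)
# and the port only as a whole number (so 110944 is not a hit).
_HOST_RE = re.compile(r"(?<![\d.])" + re.escape(C2_HOST) + r"(?![\d.])")
_PORT_RE = re.compile(r"(?<!\d)" + str(C2_PORT) + r"(?!\d)")


def hash_bytes(data: bytes) -> dict:
    """Return the four digests the report lists, computed over one in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path, chunk_size=1 << 20) -> dict:
    """Stream a file through all four hash functions in a single read."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_report(digests: dict) -> dict:
    """Per-algorithm comparison of computed digests with the report's values."""
    return {name: digests.get(name, "").lower() == expected
            for name, expected in REPORT_HASHES.items()}


def find_c2_hits(log_lines):
    """Return (line_no, kind, line) for every line naming the C2 host.

    kind is "host+port" when 135.181.156.128 and 10944 both appear on the line
    and "host-only" otherwise; host-only hits still deserve triage, since the
    port is the less stable half of the indicator.
    """
    hits = []
    for n, line in enumerate(log_lines, 1):
        if _HOST_RE.search(line):
            kind = "host+port" if _PORT_RE.search(line) else "host-only"
            hits.append((n, kind, line))
    return hits


# Constructed log lines for a stand-alone run; the field layouts are assumed,
# not taken from any real product or environment.
SAMPLE_LOG = [
    "2022-06-28T10:41:03Z fw1 action=allow src=10.0.4.17 spt=51022 dst=135.181.156.128 dpt=10944 proto=tcp",
    "2022-06-28T10:41:05Z fw1 action=allow src=10.0.4.17 spt=51023 dst=135.181.156.12 dpt=10944 proto=tcp",
    "2022-06-28T10:42:11Z proxy CONNECT 135.181.156.128:443 user=jdoe",
    "2022-06-28T10:43:00Z fw1 action=allow src=10.0.4.30 spt=51101 dst=203.0.113.9 dpt=10944 proto=tcp",
    "2022-06-28T10:44:19Z zeek conn id.orig_h=10.0.4.17 id.resp_h=135.181.156.128 id.resp_p=10944",
]

if __name__ == "__main__":
    import sys
    # Any paths on the command line are hashed and compared with the report.
    for path in sys.argv[1:]:
        print(path, matches_report(hash_file(path)))
    for n, kind, line in find_c2_hits(SAMPLE_LOG):
        print(f"line {n}: {kind}: {line}")
```

Run with one or more file paths to check whether a local file is this sample; with no arguments it only scans the embedded log lines, where lines 1 and 5 are host+port hits, line 3 is a host-only hit (same host, port 443), and lines 2 and 4 are deliberately near-misses.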

Targets

    • Target

      The analysed target is the submitted file itself: 3.9MB, with the same MD5, SHA1, SHA256 and SHA512 as listed under General.

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020. It collects saved browser credentials, cookies and autofill data, cryptocurrency wallet files and other local data and sends them to its C2.

    • RedLine Payload

      The detonated process was identified as the RedLine stealer itself rather than only a loader for it.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      Matches the family's normal collection behaviour; this is what the Credential Access and Collection rows in the ATT&CK matrix below are derived from.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of a suspended thread. Outside debuggers it is mostly seen when a loader redirects a suspended child process's entry point to injected code (process hollowing), so expect the real stealer to run from memory rather than from this file's own image.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access: Credentials in Files, T1081 (1 matching signature)

  • Collection: Data from Local System, T1005 (1 matching signature)

The IDs follow ATT&CK v6, which is what this report was generated against. In the current matrix T1081 is deprecated and its content lives under T1552.001 (Unsecured Credentials: Credentials In Files); T1005 is unchanged. The C2 connection from the extracted config is not reflected in this matrix, so map it separately if you track Command and Control coverage.
