General

  • Target

    9648ccc9dbf898cb7d0c7dd1dd010f6c1ed5aad55140ef3a419d6ee127539806

  • Size

    431KB

  • Sample

    220706-wysmesaaa7

  • MD5

    7719954b623f59b1bafc58b048ea7c4b

  • SHA1

    259d6600250108b12c41f0a8f89e89a6b6afee2d

  • SHA256

    9648ccc9dbf898cb7d0c7dd1dd010f6c1ed5aad55140ef3a419d6ee127539806

  • SHA512

    e5398ffdef578db363b159af0e7ad26e789d160a09a8ccdb54603e83039ad054a043f70d3099d87fbc8eb65fdf0a6e192ee169036ee0fb7d2a2e016c81e4e79a

Malware Config

Extracted

  • Family

    redline

  • Botnet

    ib1.4

  • C2

    levelcupsecurity.eu:80

  • Attributes

    auth_value: 363e918b58f663fdb3c6d525cf98d4b0

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                 Count  Technique ID
  Credential Access   Credentials in Files      2      T1081
  Discovery           Query Registry            1      T1012
  Collection          Data from Local System    2      T1005

Tasks