General

  • Target

    4cc07d33c48084395ed0c7ffcaf9549d9cbe961b7e9c33ef546826cbe3b94817

  • Size

    2.0MB

  • Sample

    220729-vhk2zabdg5

  • MD5

    2eef072591fa615c5a3e8762076210d2

  • SHA1

    9d1346230f5d49439bfa5556f9cd35fc2466217b

  • SHA256

    4cc07d33c48084395ed0c7ffcaf9549d9cbe961b7e9c33ef546826cbe3b94817

  • SHA512

    325f695ebef428c80371c1d1ddf7bbbab71df12c3a695972c38efdb687d1b9f358736832055337fc834a703b5479faba408f5e57d18d8aba5725ac89513118a6

Malware Config

Extracted

Family

redline

Botnet

Lyla29.07

C2

185.215.113.216:21921

Attributes
  • auth_value

    ce5605b2c036c2c3b7bdfb23dcf5f5a2

Targets

    • Target

      4cc07d33c48084395ed0c7ffcaf9549d9cbe961b7e9c33ef546826cbe3b94817

    • Size

      2.0MB

    • MD5

      2eef072591fa615c5a3e8762076210d2

    • SHA1

      9d1346230f5d49439bfa5556f9cd35fc2466217b

    • SHA256

      4cc07d33c48084395ed0c7ffcaf9549d9cbe961b7e9c33ef546826cbe3b94817

    • SHA512

      325f695ebef428c80371c1d1ddf7bbbab71df12c3a695972c38efdb687d1b9f358736832055337fc834a703b5479faba408f5e57d18d8aba5725ac89513118a6

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Tasks