General

  • Target

    d1a06f5262625b06ade399e9e6b39bb96dd89a05dd8b5ca209311f21e90f8678

  • Size

    337KB

  • Sample

    220811-y5wzjaeda2

  • MD5

    a6407f45ffd9b3ee28a0e4db14abab92

  • SHA1

    bebdc07af2eef1793462a52eb4ce57728ff0b893

  • SHA256

    d1a06f5262625b06ade399e9e6b39bb96dd89a05dd8b5ca209311f21e90f8678

  • SHA512

    89ba62c5afba1c08669b6c3f28e47e58bf11812c3882a0367ddece409f91c63f44d91555a3d191c0de4e3bcf747749ba64188d04d61108251c45cdb5cf16705f

Malware Config

Extracted

  • Family

    redline

  • Botnet

    ruzki

  • C2

    193.106.191.165:39482

  • Attributes

    auth_value: 71a0558c0eea274a5bd617ea85786884

Targets

    • Target

      d1a06f5262625b06ade399e9e6b39bb96dd89a05dd8b5ca209311f21e90f8678

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic               Technique                 ID      Count
  Credential Access    Credentials in Files      T1081   2
  Discovery            Query Registry            T1012   1
  Collection           Data from Local System    T1005   2

Tasks