General

  • Target

    3c591943eed225ad674b2f4e345e5e5a8fa9d59f940e7dda9f44e79b1f38071b

  • Size

    274KB

  • Sample

    220811-zxntmacddp

  • MD5

    9c5bdcc0249a6bd3ef24f40028ab43d9

  • SHA1

    a0ffa57004e0b138d57d45beb31200e0d2e0dde3

  • SHA256

    bfdc874676a343e1046bccec863adff14317901e69ae957bec49c1dc7591fd28

  • SHA512

    9651bda9bf3700a17b16b6916212eb08ca5fcfc902d3077089832d50480224cf292c4ec1eb9418082b892199b9f3dda763c688be857aa6c9b34b7ea31a16b84c

Malware Config

Extracted

Family

redline

Botnet

ruzki

C2

193.106.191.165:39482

Attributes
  • auth_value

    71a0558c0eea274a5bd617ea85786884

Targets

    • Target

      3c591943eed225ad674b2f4e345e5e5a8fa9d59f940e7dda9f44e79b1f38071b

    • Size

      355KB

    • MD5

      a68a9b83e88030d612753e6777d7c9e9

    • SHA1

      fac85f65290396c32bb9eeadbf1abd44d1437022

    • SHA256

      3c591943eed225ad674b2f4e345e5e5a8fa9d59f940e7dda9f44e79b1f38071b

    • SHA512

      ac1ef28d411285673efffef0b7b528192694064bfa8c7e22efc87327a917f8d0cdfbe31d5778ab97d9d30efac17932f6cefc368eccfebadf282a71243452185b

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Tasks