General

  • Target

    b2ba97534d4f06a680b89e7a72f9bd2d.exe

  • Size

    107KB

  • Sample

    220815-gm2cvsfafl

  • MD5

    b2ba97534d4f06a680b89e7a72f9bd2d

  • SHA1

    94621d3abcb442cabbdbb98bc8c348d87b63e55b

  • SHA256

    5bea873f424343d158a59032eba5e9d54a7e21634169eb6a95c9d6a11cd2b9f4

  • SHA512

    f1f5a01530f2bdd55ecfdf59005e4764ccdc57a6301431342ceca63e5428cbc717ec976b236ab71302b8b9ec80bca71714f41c2a4d8b0eb1c1fc227e235a1099

Malware Config

Extracted

Family

redline

Botnet

X

C2

45.76.223.107:25950

Attributes
  • auth_value

    249e1ece2f90b39d9c5563282076f21f

Targets

    • Target

      b2ba97534d4f06a680b89e7a72f9bd2d.exe

    • Size

      107KB

    • MD5

      b2ba97534d4f06a680b89e7a72f9bd2d

    • SHA1

      94621d3abcb442cabbdbb98bc8c348d87b63e55b

    • SHA256

      5bea873f424343d158a59032eba5e9d54a7e21634169eb6a95c9d6a11cd2b9f4

    • SHA512

      f1f5a01530f2bdd55ecfdf59005e4764ccdc57a6301431342ceca63e5428cbc717ec976b236ab71302b8b9ec80bca71714f41c2a4d8b0eb1c1fc227e235a1099

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Tasks