General

  • Target

    85d0a102b13151b242f9415a4ea1d46cd7fa432e87f47440d84a55779354520c

  • Size

    243KB

  • Sample

    220911-vrss6sffhl

  • MD5

    adc32857a8273fe0a68e50e241be0fd0

  • SHA1

    8d6055d1ad56b7d6f7d99e51e882567b9856bac1

  • SHA256

    85d0a102b13151b242f9415a4ea1d46cd7fa432e87f47440d84a55779354520c

  • SHA512

    b3117ed3109f78029b415044d2726bbd00defeb186a41ae5eae595c17970c1ccd783e9d9cffc4892354980e485134aeb433f83ac39a34fe0aa880351e398353a

  • SSDEEP

    3072:3bDLoogbDINotmbDICogbDfboiFOK2WY2T62gViUUimBjzbObUnUmPXIWIBmk9Hl:btSQtotyUUPBjzbOm76uv9SG2

Malware Config

Extracted

Family

redline

Botnet

Lyla.11.09

C2

185.215.113.216:21921

Attributes
  • auth_value

    a1e5192e588aa983d678ceb4d6e0d8b5
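The hashes and the C2 endpoint above are the report's actionable indicators. The script below is an added example, not part of the sandbox report or of any tooling the report mentions: it turns those indicators into two checks a responder would run, a hash comparison for a file on disk and a sweep of connection log lines for traffic to the C2. The log line format and the log lines themselves are constructed for the demonstration.

```python
"""IOC matcher built from the RedLine configuration and hashes above.

Added example, not part of the sandbox report. The indicators are copied from
the report; the log format and the sample log lines are constructed here.
"""
import hashlib
import re
from pathlib import Path

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "adc32857a8273fe0a68e50e241be0fd0",
    "sha1": "8d6055d1ad56b7d6f7d99e51e882567b9856bac1",
    "sha256": "85d0a102b13151b242f9415a4ea1d46cd7fa432e87f47440d84a55779354520c",
}
C2_HOST = "185.215.113.216"
C2_PORT = 21921


def file_hashes(data: bytes) -> dict:
    """Return hex MD5/SHA-1/SHA-256 digests of a byte string."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matching_algorithms(data: bytes) -> list:
    """Names of the hash algorithms under which `data` equals the sample."""
    digests = file_hashes(data)
    return [alg for alg, known in SAMPLE_HASHES.items() if digests[alg] == known]


def check_path(path) -> list:
    """Hash a file on disk and compare it with the sample's hashes."""
    return matching_algorithms(Path(path).read_bytes())


# Matches "a.b.c.d:port" anywhere in a line. The log format is an assumption,
# not something the report documents; adapt the regex to your own log source.
_ENDPOINT_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")


def c2_hits(log_lines) -> list:
    """Return (line_number, level) for each line that talks to the C2 host.

    level is "strong" when both the IP and port 21921 match, and "weak" when
    only the IP matches: the same host may serve other ports, so an IP-only
    match deserves a look but is not the confirmed RedLine C2 channel.
    """
    hits = []
    for number, line in enumerate(log_lines, start=1):
        for ip, port in _ENDPOINT_RE.findall(line):
            if ip != C2_HOST:
                continue
            hits.append((number, "strong" if int(port) == C2_PORT else "weak"))
            break
    return hits


# Constructed log lines for the demonstration (not taken from the report).
SAMPLE_LOGS = [
    "2022-09-11T14:02:07Z host=WS-0123 proto=tcp src=10.0.0.15:51233 dst=203.0.113.5:443 action=allow",
    "2022-09-11T14:03:22Z host=WS-0123 proto=tcp src=10.0.0.15:51234 dst=185.215.113.216:21921 action=allow",
    "2022-09-11T14:03:40Z host=WS-0123 proto=tcp src=10.0.0.15:51235 dst=185.215.113.216:80 action=allow",
    "2022-09-11T14:04:01Z host=WS-0077 proto=udp src=10.0.0.9:53421 dst=10.0.0.1:53 action=allow",
]

if __name__ == "__main__":
    for number, level in c2_hits(SAMPLE_LOGS):
        print(f"line {number}: {level} match for {C2_HOST}:{C2_PORT}")
    print("hash match for a dummy buffer:", matching_algorithms(b"not the sample"))
```

The hash check only catches this exact file; a repacked build will have new digests, which is why the C2 endpoint (more durable across repacks, though it will rotate too) is checked separately. The botnet name and auth_value are useful for clustering samples from the same campaign but are not something a network log will show you directly.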

Targets

    • Target

      85d0a102b13151b242f9415a4ea1d46cd7fa432e87f47440d84a55779354520c

    • Size

      243KB

    • MD5

      adc32857a8273fe0a68e50e241be0fd0

    • SHA1

      8d6055d1ad56b7d6f7d99e51e882567b9856bac1

    • SHA256

      85d0a102b13151b242f9415a4ea1d46cd7fa432e87f47440d84a55779354520c

    • SHA512

      b3117ed3109f78029b415044d2726bbd00defeb186a41ae5eae595c17970c1ccd783e9d9cffc4892354980e485134aeb433f83ac39a34fe0aa880351e398353a

    • SSDEEP

      3072:3bDLoogbDINotmbDICogbDfboiFOK2WY2T62gViUUimBjzbObUnUmPXIWIBmk9Hl:btSQtotyUUPBjzbOm76uv9SG2

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill form data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry (SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall under HKLM, and under HKCU for per-user installs) to enumerate software on the system.

    • Suspicious use of SetThreadContext

      SetThreadContext is a legitimate Win32 API, but malware commonly uses it to point a suspended thread at injected code (as in process hollowing); treat it as a loader indicator to be confirmed with the other behaviours above, not as proof on its own.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique               Signatures  ID
  Credential Access  Credentials in Files    2           T1081
  Discovery          Query Registry          1           T1012
  Collection         Data from Local System  2           T1005

The IDs follow ATT&CK v6 as reported by the sandbox. In current ATT&CK, T1081 has been retired in favour of T1552.001 (Unsecured Credentials: Credentials In Files); T1012 and T1005 are unchanged.

Tasks