General

  • Target

    26cdbe0f7546a9e3468ce796f238e0eef396ff81b1490953bdc58aba76d88236

  • Size

    7.5MB

  • Sample

    220911-yvx4vafhbl

  • MD5

    698f860a3387c43630ce6db9ed23186c

  • SHA1

    7c7ef967c36b7be7f3ddfd4a17983e7d87f5abf0

  • SHA256

    26cdbe0f7546a9e3468ce796f238e0eef396ff81b1490953bdc58aba76d88236

  • SHA512

    626917073db8c105c1ec5230eb8870e62212613cd8002a6ae10e3ed2ca23f26deb891aaded8f727ba37d8cfc98926d7f5c01f6d7623ac08b1bfe58864ed2dada

  • SSDEEP

    196608:MK5w/YJIYf/0jjquBMakyrDQf8UBGo6p1sKKtYnA:MeIYJZ0fbMgQ0U8omsFtYnA

Malware Config

Extracted

  • Family

    redline

  • Botnet

    3108_RUZKI

  • C2

    213.219.247.199:9452

  • Attributes

    • auth_value

      f71fed1cd094e4e1eb7ad1c53e542bca

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Execution

    Command-Line Interface, T1059 (1)

  • Credential Access

    Credentials in Files, T1081 (2)

  • Discovery

    Query Registry, T1012 (1)

    System Information Discovery, T1082 (2)

  • Collection

    Data from Local System, T1005 (2)

Tasks