General

  • Target

    2c45508907c68d25ae9ef9bd141737492a72fe0984ad6335a994c7c7765c1564

  • Size

    228KB

  • Sample

    220913-wtmwdagce5

  • MD5

    665caec5d39eaaa9e592b4edb78b3723

  • SHA1

    5b8a726a72aecf7746bfdb085cbd72d05d129ec1

  • SHA256

    2c45508907c68d25ae9ef9bd141737492a72fe0984ad6335a994c7c7765c1564

  • SHA512

    51b2d7543590f7665e33983a726a14f8ea2bd6ff7e1546d0340c96b605e0b5bc8ee269faba934b1e3da8b9fa066b86cf9765556ccbaab0313063378a1d80060c

  • SSDEEP

    6144:ue05uwL2gMxrBjzUOzL9F0xrc+jdVuZFu:ue0owL27t75N

Malware Config

Extracted

Family

redline

Botnet

Lyla.11.09

C2

185.215.113.216:21921

Attributes

  • auth_value

    a1e5192e588aa983d678ceb4d6e0d8b5

Targets


    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                 Count   ID
  Credential Access   Credentials in Files      2       T1081
  Discovery           Query Registry            1       T1012
  Collection          Data from Local System    2       T1005