General

  • Target

    34a98bdc62fdb4223ab38e473e6b04fe1f7db857ccdd98d6ca80ed29607a364e

  • Size

    169KB

  • Sample

    220916-gwtdlsaefm

  • MD5

    274035d34a5ac18bfe36fdde4b2d094c

  • SHA1

    8367f96986b71fecfa67922919c83bafe9417990

  • SHA256

    34a98bdc62fdb4223ab38e473e6b04fe1f7db857ccdd98d6ca80ed29607a364e

  • SHA512

    608b78658f37a761422a5efc63db080d9000a0761a48aba0af4725edcfb1f4aa6dbad1061d9a73a15b41946cce8323292eb1a3f005d16808124744af0ca58e3a

  • SSDEEP

    3072:U50HS507oc4dGBTT1Bjz+8qbHUDJ48z3F5KWqXBCPE:i3c9xBjz+yOo5Kw

Malware Config

Extracted

Family

redline

Botnet

Lyla.11.09

C2

185.215.113.216:21921

Attributes

  • auth_value

    a1e5192e588aa983d678ceb4d6e0d8b5
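
The extracted config above gives two things a defender can act on immediately: the sample hashes and the C2 endpoint. The following script is an added example, not part of the report or of any Triage tooling, that turns those indicators into matching logic and runs it over a few constructed log lines. The `type=conn` / `type=file` key=value format and field names (`src`, `dst`, `sha256`, `path`, `host`) are assumptions for the example, not the output of any particular product; the hashes and C2 are the values from the report. Connections to the C2 host on a port other than 21921 are reported at lower confidence rather than dropped, since RedLine operators commonly reuse infrastructure across ports.

```python
"""Match the RedLine IOCs from this report against constructed log lines."""
import re
from dataclasses import dataclass
from typing import Optional

# Indicators taken from the report above (not assumptions).
SAMPLE_HASHES = {
    "md5": "274035d34a5ac18bfe36fdde4b2d094c",
    "sha1": "8367f96986b71fecfa67922919c83bafe9417990",
    "sha256": "34a98bdc62fdb4223ab38e473e6b04fe1f7db857ccdd98d6ca80ed29607a364e",
}
C2 = "185.215.113.216:21921"

# Constructed sample log lines in an assumed key=value format (example data only).
SAMPLE_LOGS = [
    "2022-09-16T10:01:02Z type=conn src=10.0.0.5:51234 dst=185.215.113.216:21921 proto=tcp",
    "2022-09-16T10:01:05Z type=conn src=10.0.0.5:51235 dst=93.184.216.34:443 proto=tcp",
    "2022-09-16T10:01:09Z type=conn src=10.0.0.7:51300 dst=185.215.113.216:443 proto=tcp",
    "2022-09-16T10:00:58Z type=file host=WS01 path=C:\\Users\\u\\AppData\\Local\\Temp\\a.exe "
    "sha256=34A98BDC62FDB4223AB38E473E6B04FE1F7DB857CCDD98D6CA80ED29607A364E",
    "2022-09-16T10:02:00Z type=file host=WS02 path=C:\\Windows\\notepad.exe "
    "sha256=0000000000000000000000000000000000000000000000000000000000000000",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


@dataclass(frozen=True)
class Hit:
    line_no: int      # 1-based index into the scanned lines
    confidence: str   # "high" (exact IOC match) or "medium" (C2 host, other port)
    reason: str


def parse_c2(endpoint: str) -> tuple:
    """Split 'host:port' into (host, int(port)); IPv4 only, as in the report."""
    host, port = endpoint.rsplit(":", 1)
    return host, int(port)


def parse_line(line: str) -> dict:
    """Extract key=value pairs; unknown keys are kept, nothing is validated."""
    return dict(KV_RE.findall(line))


def classify(line_no: int, fields: dict) -> Optional[Hit]:
    """Apply the report's IOCs to one parsed event."""
    kind = fields.get("type")
    if kind == "conn" and "dst" in fields:
        host, port = parse_c2(fields["dst"])
        c2_host, c2_port = parse_c2(C2)
        if host == c2_host and port == c2_port:
            return Hit(line_no, "high", f"connection to RedLine C2 {C2}")
        if host == c2_host:
            # Same infrastructure, different port: worth a look, not a confirmed beacon.
            return Hit(line_no, "medium",
                       f"connection to C2 host {c2_host} on non-C2 port {port}")
    elif kind == "file":
        for algo, known in SAMPLE_HASHES.items():
            seen = fields.get(algo)
            # Hash fields are case-normalised; EDRs frequently emit upper-case hex.
            if seen is not None and seen.lower() == known:
                return Hit(line_no, "high",
                           f"{algo} matches RedLine sample {known[:12]}...")
    return None


def scan(lines) -> list:
    """Return a Hit for every line that matches an indicator, in input order."""
    hits = []
    for n, line in enumerate(lines, start=1):
        hit = classify(n, parse_line(line))
        if hit is not None:
            hits.append(hit)
    return hits


if __name__ == "__main__":
    for h in scan(SAMPLE_LOGS):
        print(f"line {h.line_no}: [{h.confidence}] {h.reason}")
```

Against the constructed lines the scan flags line 1 (exact C2 match), line 3 (C2 host on 443, medium confidence) and line 4 (upper-case SHA256 of the sample); the benign connection and the unrelated file event produce nothing. The botnet name and `auth_value` are not used here because they only appear inside the stealer's traffic, not in network or file telemetry.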

Targets

    • Target

      34a98bdc62fdb4223ab38e473e6b04fe1f7db857ccdd98d6ca80ed29607a364e

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers target the data browsers keep in the user profile: saved credentials, cookies, autofill form data and browsing history.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates installed software by reading the subkeys of the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its HKCU and WOW6432Node counterparts).

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of a thread, normally one created suspended; injectors and process-hollowing loaders use it to redirect execution into code they have written into the target process.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                 ID      Signatures
  Credential Access   Credentials in Files      T1081   2
  Discovery           Query Registry            T1012   1
  Collection          Data from Local System    T1005   2

  The IDs follow ATT&CK v6. T1081 has since been retired and is covered by T1552.001 (Unsecured Credentials: Credentials In Files) in current versions of the framework.

Tasks