General

  • Target

    6ed5a97b3f971ce2831bbe20d620fb48496e9d25972b00c276e83007264b4cfc

  • Size

    361KB

  • Sample

    220925-gelbnsegck

  • MD5

    fdab7e215a90ba7ef46987358a423751

  • SHA1

    0e63ac66badb1d7379b6b1df408df4bbd304a930

  • SHA256

    6ed5a97b3f971ce2831bbe20d620fb48496e9d25972b00c276e83007264b4cfc

  • SHA512

    f4f417fdcc03fa8e63efe4b8d7b7f4e10492027427e1826ea4d544a4c63e3126021cd536697d60a4e7cb01128c22d902088aa45b08c8471b1e6b88f63f562843

  • SSDEEP

    6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv

Malware Config

Extracted

  • Family

    redline

  • Botnet

    0002

  • C2

    13.72.81.58:13413

  • Attributes

    auth_value: 866ce0ed8cfe2be77fb43a4912677698

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081) – 2

  • Discovery

    Query Registry (T1012) – 1

  • Collection

    Data from Local System (T1005) – 2

Tasks