General

  • Target

    3fead61b64db9469b091bb61ec3b667efc0646f041c3399e15d2d09f505a2554

  • Size

    361KB

  • Sample

    220925-glm4vadeb4

  • MD5

    1c3f1befe24ae922b85d9f803648fee9

  • SHA1

    3177ba707ccec2ca2eef3e422a65b4a8e655ebc6

  • SHA256

    3fead61b64db9469b091bb61ec3b667efc0646f041c3399e15d2d09f505a2554

  • SHA512

    ff21826426481a7a2914152533cea31fcf65eadc50dc84b25aba1de126886c4e06d9c10b97c2a5ec27d990b82796d3771f1010dd7f7566d110f3b4322a9c8d5e

  • SSDEEP

    6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv

Malware Config

Extracted

Family

redline

Botnet

0002

C2

13.72.81.58:13413

Attributes
  • auth_value

    866ce0ed8cfe2be77fb43a4912677698

Targets

    • Target

      3fead61b64db9469b091bb61ec3b667efc0646f041c3399e15d2d09f505a2554

    • Size

      361KB

    • MD5

      1c3f1befe24ae922b85d9f803648fee9

    • SHA1

      3177ba707ccec2ca2eef3e422a65b4a8e655ebc6

    • SHA256

      3fead61b64db9469b091bb61ec3b667efc0646f041c3399e15d2d09f505a2554

    • SHA512

      ff21826426481a7a2914152533cea31fcf65eadc50dc84b25aba1de126886c4e06d9c10b97c2a5ec27d990b82796d3771f1010dd7f7566d110f3b4322a9c8d5e

    • SSDEEP

      6144:eEaXBUcN2BRrn1fH0N6GkBut5adsSEK69yDPhSjYlakxjTLVqoARRSTZAPdg+:/aRDNoVJKRtUdsSEK69yDPhSjYlakxjv

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Tasks