General

  • Target

    6a60515816df6f3e068311261addb68246ff784d729709355affc3351ce42586

  • Size

    405KB

  • Sample

    221106-ysxejacccn

  • MD5

    597761b6683669e1e9d1283008dfa331

  • SHA1

    141ea5c61c74e990619c4bf1c0e7f916877849a3

  • SHA256

    6a60515816df6f3e068311261addb68246ff784d729709355affc3351ce42586

  • SHA512

    8b07bbcef14cdb4b083a6613d83f3564efb296a1d2aa5a1397c9f2841840bbc3d6865d1c44184fa60d33b25ddf4fd8b0dad50460d35f079f67838a2c017a32e5

  • SSDEEP

    6144:wI1np/PG+W6xeIcBIytOH61PBwolAXM9kmt7vFz9XaWEJR70Zf3ChYJ:pnp1Fe1u61JVt9ntrB9qWch8

Malware Config

Extracted

Family

redline

Botnet

suk

C2

193.106.191.25:47242

Attributes
  • auth_value

    9762d5bcad64c7855837e80c232c7e77

Targets

    • Target

      6a60515816df6f3e068311261addb68246ff784d729709355affc3351ce42586

    • Size

      405KB

    • MD5

      597761b6683669e1e9d1283008dfa331

    • SHA1

      141ea5c61c74e990619c4bf1c0e7f916877849a3

    • SHA256

      6a60515816df6f3e068311261addb68246ff784d729709355affc3351ce42586

    • SHA512

      8b07bbcef14cdb4b083a6613d83f3564efb296a1d2aa5a1397c9f2841840bbc3d6865d1c44184fa60d33b25ddf4fd8b0dad50460d35f079f67838a2c017a32e5

    • SSDEEP

      6144:wI1np/PG+W6xeIcBIytOH61PBwolAXM9kmt7vFz9XaWEJR70Zf3ChYJ:pnp1Fe1u61JVt9ntrB9qWch8

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks