General

  • Target

    file.exe

  • Size

    155KB

  • Sample

    221202-t7pwsaee98

  • MD5

    f9e5e8e28ee4775d810ba50b85b8cf65

  • SHA1

    9ee3208226dcc1f247861b06bff7e9793f1cc3fe

  • SHA256

    8609b2a6570708891a3182848a3bb3ec265b648399307200d61e59574c00efaf

  • SHA512

    0e4a749cb560c3438f47d0290fa06a1bf010cddc4553168ba49423f78191126a07badd896685caab559717625b5141c2ddac2e1fab52926dd2c0750d90cc27d8

  • SSDEEP

    3072:jSFZQkfSBwkQ+3Pt2kBjzPFXOcmaOtz3d62eonTQ+b:OALJHt5BjzQZtQ2esQ+b

Malware Config

Extracted

Family

redline

Botnet

Lyla.11.09

C2

185.215.113.216:21921

Attributes
  • auth_value

    a1e5192e588aa983d678ceb4d6e0d8b5

Targets

    • Target

      file.exe

    • Size

      155KB

    • MD5

      f9e5e8e28ee4775d810ba50b85b8cf65

    • SHA1

      9ee3208226dcc1f247861b06bff7e9793f1cc3fe

    • SHA256

      8609b2a6570708891a3182848a3bb3ec265b648399307200d61e59574c00efaf

    • SHA512

      0e4a749cb560c3438f47d0290fa06a1bf010cddc4553168ba49423f78191126a07badd896685caab559717625b5141c2ddac2e1fab52926dd2c0750d90cc27d8

    • SSDEEP

      3072:jSFZQkfSBwkQ+3Pt2kBjzPFXOcmaOtz3d62eonTQ+b:OALJHt5BjzQZtQ2esQ+b

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Tasks