General

  • Target

    tmp

  • Size

    137KB

  • Sample

    221203-fg1npsfc72

  • MD5

    95f87c3bbcfa9a231f2cec0db2d77662

  • SHA1

    24ef6df0be4c0a48ff861971c0f583f58e81f180

  • SHA256

    819dfffdbfe373432e042591499367839cc4a2a9f195571e2926aa2a0d152ecd

  • SHA512

    1396f52d2c43b1518b278804d62fd00c77ae2ce4a5aae8054ad12cffa7a7dfadfcc779b1685fcb96964f2d29c2a66226714a49c03fc15756f1b4c3c28919cf09

  • SSDEEP

    3072:5YO/ZMTFx9+Co4TVGS91dxGh/iWFxyRXchVSSwu:5YMZMBx9Zouvc/iXBch

Malware Config

Extracted

Family

redline

Botnet

1

C2

79.137.196.94:48705

Attributes
  • auth_value

    6a4b05ef943a0dd801fd01dfbb9eb717

Targets

    • Target

      tmp

    • Size

      137KB

    • MD5

      95f87c3bbcfa9a231f2cec0db2d77662

    • SHA1

      24ef6df0be4c0a48ff861971c0f583f58e81f180

    • SHA256

      819dfffdbfe373432e042591499367839cc4a2a9f195571e2926aa2a0d152ecd

    • SHA512

      1396f52d2c43b1518b278804d62fd00c77ae2ce4a5aae8054ad12cffa7a7dfadfcc779b1685fcb96964f2d29c2a66226714a49c03fc15756f1b4c3c28919cf09

    • SSDEEP

      3072:5YO/ZMTFx9+Co4TVGS91dxGh/iWFxyRXchVSSwu:5YMZMBx9Zouvc/iXBch

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Tasks