General

  • Target

    198fb046e30bf3991f698eb296859c4c5b1249ccb2f268cc4107dc472ad66d87

  • Size

    303KB

  • Sample

    221204-vxtbwsac88

  • MD5

    c8dc4f98b599cc997074420669eb9f63

  • SHA1

    307c204d6b4f5d3246022d00c247f980c302afaa

  • SHA256

    de948a8945a497fe9dbdd1e31e7936c622f73087b38f42ead56d0c0077f4a7ed

  • SHA512

    5b23ea4e8e534628438e9c0e340aadcb93f7dd220f8fe441f6489b738c17c904a18a770c9da5b1e8f8828da8e8df9b3c246abb290e5a4d4f3c825ca4016ca100

  • SSDEEP

    6144:31g4XxgShJePvfR4lkiyEw/LLwEnlST1RbqUhDU7oUDyhIsro6+QxYCpyxr:C4eQAPv9d1DLw/XWUhw/Dyrx7Ur

Malware Config

Extracted

Family

redline

Botnet

NewDef2023

C2

185.106.92.214:2510

Attributes
  • auth_value

    048f34b18865578890538db10b2e9edf

Targets

    • Target

      198fb046e30bf3991f698eb296859c4c5b1249ccb2f268cc4107dc472ad66d87

    • Size

      459KB

    • MD5

      b0a20a2f6a79f9773374de2933842093

    • SHA1

      21a95d3952dceb1bc16292a7dac158bca3197346

    • SHA256

      198fb046e30bf3991f698eb296859c4c5b1249ccb2f268cc4107dc472ad66d87

    • SHA512

      e8307dcb4c63e33851513017e6b11e244bbe1a61953243afb42ba6dafb83ee53f0120eec32fcb3d32ea51133d5d4824503261eaa34721d5a3796a51e98e6c936

    • SSDEEP

      6144:sTdmIxLcApQzpPBfePvfR4lkiyKw/LLwEnzST11bqUhD07oUDyhOYuRjMgU:ssmZQzKPv9dHDLwzXWUh4/DyARQg

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Tasks