General

  • Target

    932e06ef373d93ea1cde5e4fef13d321e5ce8b3b707be937e87264fb64c3a545

  • Size

    416KB

  • Sample

    230202-ltzvtsff99

  • MD5

    edcef5c438b6dcc5577fddda5ed4d3a8

  • SHA1

    fe528c9c99f71b5b57135e78e75930709adb00c0

  • SHA256

    932e06ef373d93ea1cde5e4fef13d321e5ce8b3b707be937e87264fb64c3a545

  • SHA512

    752c18bfabe0ce1f5332c3ad09c796acf506315fe857699fde0ee55d3de042339ba7bebed99f51d588a1711d7baea954540681d8a9d2f45fd58ec78ff9cffcaa

  • SSDEEP

    12288:yuOPg6ULiv3/tptEjL6EPybrhc9CJb7d5:RUgBLm3VptEvnj9qb7d5

Malware Config

Extracted

Family

redline

Botnet

milaf

C2

193.233.20.5:4136

Attributes
  • auth_value

    68aaee25afe3d0ae7d4db09dea02347c

Targets

    • Target

      932e06ef373d93ea1cde5e4fef13d321e5ce8b3b707be937e87264fb64c3a545

    • Size

      416KB

    • MD5

      edcef5c438b6dcc5577fddda5ed4d3a8

    • SHA1

      fe528c9c99f71b5b57135e78e75930709adb00c0

    • SHA256

      932e06ef373d93ea1cde5e4fef13d321e5ce8b3b707be937e87264fb64c3a545

    • SHA512

      752c18bfabe0ce1f5332c3ad09c796acf506315fe857699fde0ee55d3de042339ba7bebed99f51d588a1711d7baea954540681d8a9d2f45fd58ec78ff9cffcaa

    • SSDEEP

      12288:yuOPg6ULiv3/tptEjL6EPybrhc9CJb7d5:RUgBLm3VptEvnj9qb7d5

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Tasks