General

  • Target

    fe15159587b30b55007c4ad99cba929386209b64aa19a28cb3ff9b28f74c7ff1

  • Size

    399KB

  • Sample

    230202-m3zrvshg8t

  • MD5

    0ec61b221ab8f72bfaa28ccef40a0ee2

  • SHA1

    c392b83fc95630c2828a4ae644c402715a85e916

  • SHA256

    fe15159587b30b55007c4ad99cba929386209b64aa19a28cb3ff9b28f74c7ff1

  • SHA512

    254bc9c2f9817c180f96b03687caa1fc1de774382960f27805eac7476f40b05b4df2ba1d74084f5b7c496776e08da4ece5f0585caf0c1ab203ae73550f4bc717

  • SSDEEP

    6144:SodL3pYLOknp5aXPtLLOe/nAxhzgEpmOhZyDt3urqei8K69/CJTk637eQfnd5zB+:njcOIrglniuGmOSDteOmZ9CJb7d5Q

Malware Config (Extracted)

  • Family

    redline

  • Botnet

    milaf

  • C2

    193.233.20.5:4136

  • Attributes

    auth_value: 68aaee25afe3d0ae7d4db09dea02347c

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081), 2 matches

  • Discovery

    Query Registry (T1012), 1 match

  • Collection

    Data from Local System (T1005), 2 matches
