General

  • Target

    file

  • Size

    894KB

  • Sample

    230206-yz1qjaff99

  • MD5

    f6f9f20c6d8deb6b59771153ba09ea6e

  • SHA1

    b95a95a4a6bc28656c95c49f2df528c41cd0afa4

  • SHA256

    0c7e767a14e8e18e4764fb71e0af2f50a556c7ec6f900ac486d656067835c2f9

  • SHA512

    45edcbdb9a37d5dd0cd05b8e274b944c250f842bed5bbeb171b66e32269f62fc823c9380aa8abe82a100328d52fd51e252a378a3b150d5866227270053e9e548

  • SSDEEP

    12288:3hJMAgttxlpdhVZNRqrLJS/3Am07Kyv2uqg9YXNreTl/0bvtp:3hzrLJSISyv2uqg9Yo/6p

Malware Config

Extracted

Family

redline

Botnet

new

C2

212.8.246.130:18556

Attributes
  • auth_value

    f6b61af86ca1022111ea330530090926

Targets

    • Target

      file

    • Size

      894KB

    • MD5

      f6f9f20c6d8deb6b59771153ba09ea6e

    • SHA1

      b95a95a4a6bc28656c95c49f2df528c41cd0afa4

    • SHA256

      0c7e767a14e8e18e4764fb71e0af2f50a556c7ec6f900ac486d656067835c2f9

    • SHA512

      45edcbdb9a37d5dd0cd05b8e274b944c250f842bed5bbeb171b66e32269f62fc823c9380aa8abe82a100328d52fd51e252a378a3b150d5866227270053e9e548

    • SSDEEP

      12288:3hJMAgttxlpdhVZNRqrLJS/3Am07Kyv2uqg9YXNreTl/0bvtp:3hzrLJSISyv2uqg9Yo/6p

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Tasks