General

  • Target

    c87befb155b77369e637bff57c434eef30a09844c49e8782c0d8c95a5952e80c

  • Size

    410KB

  • Sample

    230224-fxsm2acd4w

  • MD5

    c549c17f9362fb952017788d6f2d7d02

  • SHA1

    847cc3a99988b5121750d2cddd8903dcca557175

  • SHA256

    c87befb155b77369e637bff57c434eef30a09844c49e8782c0d8c95a5952e80c

  • SHA512

    abefb610807dec86733c9b07e7d459c7ab0ae914102d52ee5dcd38c4023c21a3190146ce25c1bd8132f230d61c7f0e87cd4e4ff684d0835e07ee731a24a09118

  • SSDEEP

    6144:9rLFeUluUBiSkJ5gs9QX7hIhL4Mw5fz0UskTxOyC1DeQEeRtlpjERj0RFb1:lxeOxSJO97eOMwRzpTTYH1yteFpjEE

Malware Config

Extracted

Family

redline

Botnet

Hack

C2

154.17.165.178:10377

Attributes
  • auth_value

    50233687e98ee274b44a32fcc741f9a4

Targets

    • Target

      c87befb155b77369e637bff57c434eef30a09844c49e8782c0d8c95a5952e80c

    • Size

      410KB

    • MD5

      c549c17f9362fb952017788d6f2d7d02

    • SHA1

      847cc3a99988b5121750d2cddd8903dcca557175

    • SHA256

      c87befb155b77369e637bff57c434eef30a09844c49e8782c0d8c95a5952e80c

    • SHA512

      abefb610807dec86733c9b07e7d459c7ab0ae914102d52ee5dcd38c4023c21a3190146ce25c1bd8132f230d61c7f0e87cd4e4ff684d0835e07ee731a24a09118

    • SSDEEP

      6144:9rLFeUluUBiSkJ5gs9QX7hIhL4Mw5fz0UskTxOyC1DeQEeRtlpjERj0RFb1:lxeOxSJO97eOMwRzpTTYH1yteFpjEE

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Tasks