General

  • Target

    cdd87c9bd2522eb8864be8162c842b8a5317e43cc110f21d91d49ea362e4ba92

  • Size

    348KB

  • Sample

    230321-26e9ysdf43

  • MD5

    28fae6e3f6eaf6826d163f48f2aa96bd

  • SHA1

    80e8a8d74cfdda79e6750a0914425adef6dc49de

  • SHA256

    cdd87c9bd2522eb8864be8162c842b8a5317e43cc110f21d91d49ea362e4ba92

  • SHA512

    cb6f1d56e329a42a702f69a9bef6d0b4531fc1ce6027bc997c6e9827d3c4e9865c5ffba89077b7ed964b3a81f2ba8d992912c6050b972810ca53a6f3474578c3

  • SSDEEP

    6144:RIE8HuLKLG0U6HAPtDfGZPhA/1K+qLuUrcsw/i8PxavC7S+cZ:RSuLKi0U6HAlD+vA9K+q9v18PAKGR

Malware Config

Extracted

Family

redline

Botnet

@Germany

C2

185.11.61.125:22344

Attributes
  • auth_value

    9d15d78194367a949e54a07d6ce02c62

Targets

    • Target

      cdd87c9bd2522eb8864be8162c842b8a5317e43cc110f21d91d49ea362e4ba92

    • Size

      348KB

    • MD5

      28fae6e3f6eaf6826d163f48f2aa96bd

    • SHA1

      80e8a8d74cfdda79e6750a0914425adef6dc49de

    • SHA256

      cdd87c9bd2522eb8864be8162c842b8a5317e43cc110f21d91d49ea362e4ba92

    • SHA512

      cb6f1d56e329a42a702f69a9bef6d0b4531fc1ce6027bc997c6e9827d3c4e9865c5ffba89077b7ed964b3a81f2ba8d992912c6050b972810ca53a6f3474578c3

    • SSDEEP

      6144:RIE8HuLKLG0U6HAPtDfGZPhA/1K+qLuUrcsw/i8PxavC7S+cZ:RSuLKi0U6HAlD+vA9K+q9v18PAKGR

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks