General

  • Target

    9a7af5cb210dfe06be7c033cf7bed013a52ea49ff997d35b68a5a72c5d7323ee

  • Size

    375KB

  • Sample

    230328-jhk67abd9w

  • MD5

    95521116ff6a6ede878ad9fb01d96a47

  • SHA1

    a7e82c2d2c0275af63665c5b37f85e715255ebc2

  • SHA256

    9a7af5cb210dfe06be7c033cf7bed013a52ea49ff997d35b68a5a72c5d7323ee

  • SHA512

    33b8fc4fea84b21d246a0ecd9a2c5917639dd12405237da0849c044b7d26fc97aec54b9706f88e294b781ce1a842727e9ad6f9bf76b1720a26dc6a903e9d4c3f

  • SSDEEP

    6144:+D4UMC+/w5oSQG676uYzCs0L0UyldMfXPiJfeATNCCbykbgv:+D4UMCCw5+7jYWvL0UgdCPjAT4Vr

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @Germany

  • C2

    185.11.61.125:22344

  • Attributes

    auth_value: 9d15d78194367a949e54a07d6ce02c62

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                 Count  ID
  Credential Access   Credentials in Files      1      T1081
  Discovery           Query Registry            1      T1012
  Collection          Data from Local System    1      T1005

Tasks