General

  • Target

    0x000800000001230f-1061.dat

  • Size

    175KB

  • Sample

    230328-kwhhwsaa39

  • MD5

    8898a9e87600a29c96e6bb71889af25b

  • SHA1

    4b9c607287be6921cdfd716129c0285cc52be5a0

  • SHA256

    ed00e91258465096f48ad58e70a49cecb633a7bf313d8d0b5c8bb9ca81568c0a

  • SHA512

    5795b7ea9d6ee97b8818335a5917341d6a2684022704be32be90af2f32b559a9a6ca0dc0466790f3894ec980b373bd5ff7cb84682145d6ca4f2c18b8133ddbe2

  • SSDEEP

    3072:jxqZWRZaPkOQ3TjmTseesFqh+XxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuwh:1qZoTjalqh

Malware Config

Extracted

Family

redline

Botnet

renta

C2

176.113.115.145:4125

Attributes
  • auth_value

    359596fd5b36e9925ade4d9a1846bafb

Targets

    • Target

      0x000800000001230f-1061.dat

    • Size

      175KB

    • MD5

      8898a9e87600a29c96e6bb71889af25b

    • SHA1

      4b9c607287be6921cdfd716129c0285cc52be5a0

    • SHA256

      ed00e91258465096f48ad58e70a49cecb633a7bf313d8d0b5c8bb9ca81568c0a

    • SHA512

      5795b7ea9d6ee97b8818335a5917341d6a2684022704be32be90af2f32b559a9a6ca0dc0466790f3894ec980b373bd5ff7cb84682145d6ca4f2c18b8133ddbe2

    • SSDEEP

      3072:jxqZWRZaPkOQ3TjmTseesFqh+XxNn2pU9f2MKTV/wi4lr55R9TxlnsPsUw0jOuwh:1qZoTjalqh

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Tasks