General

  • Target

    8f8cb0e937f29b24d354ace9296548614ca79d179a4f129aff1aecd0e687e4ee

  • Size

    315KB

  • Sample

    230331-xpvk4acf54

  • MD5

    d7cd837d2060e3a8ae879005dfe2d174

  • SHA1

    ac9b97dbf14d7bdb8cea1390a80e5553da143028

  • SHA256

    8f8cb0e937f29b24d354ace9296548614ca79d179a4f129aff1aecd0e687e4ee

  • SHA512

    9093a22284983466e783d0797c7a63d19c052b8223b818c28288732e0e1a349ec0594ad96e968467cd16b0f6dd1c4ad69c529055c19a4753c8c0ec348e048739

  • SSDEEP

    6144:fq06by/6oO6CIIBT9O7odGsVXw86u+MvQ+iM2GIVC:R/BO6RI99O7odR+MvjzI

Malware Config

Extracted

Family

redline

Botnet

@Germany

C2

185.11.61.125:22344

Attributes
  • auth_value

    9d15d78194367a949e54a07d6ce02c62

Targets

    • Target

      8f8cb0e937f29b24d354ace9296548614ca79d179a4f129aff1aecd0e687e4ee

    • Size

      315KB

    • MD5

      d7cd837d2060e3a8ae879005dfe2d174

    • SHA1

      ac9b97dbf14d7bdb8cea1390a80e5553da143028

    • SHA256

      8f8cb0e937f29b24d354ace9296548614ca79d179a4f129aff1aecd0e687e4ee

    • SHA512

      9093a22284983466e783d0797c7a63d19c052b8223b818c28288732e0e1a349ec0594ad96e968467cd16b0f6dd1c4ad69c529055c19a4753c8c0ec348e048739

    • SSDEEP

      6144:fq06by/6oO6CIIBT9O7odGsVXw86u+MvQ+iM2GIVC:R/BO6RI99O7odR+MvjzI

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

1
T1005

Tasks