General

  • Target

    0x000700000001448a-199.dat

  • Size

    173KB

  • Sample

    230610-26h1vaga36

  • MD5

    16e9e18a21e2089925855fe0efcccf1c

  • SHA1

    1a4aac8d94e87de0717ab5d101510d49e07d20ac

  • SHA256

    eb97eed5c2bc0857e6904ff06e4da8f4345b42253620d3bdf30ec14b11ac8485

  • SHA512

    45b62ac8884b44b2bbdfa448320cd580f52c593e9848007cd55f5784adc32ee77d0b6d5277872ed48f01bad418ea7e6bda7bc327486c6337145db56cb933e605

  • SSDEEP

    3072:crbYm66HKzLSFYuxN4eCeWC/qUq8e8hh:ObYn/SelW/qUq

Malware Config

Extracted

Family

redline

Botnet

dast

C2

83.97.73.129:19068

Attributes
  • auth_value

    17d71bf1a3f93284f5848e00b0dd8222

Targets

    • Target

      0x000700000001448a-199.dat

    • Size

      173KB

    • MD5

      16e9e18a21e2089925855fe0efcccf1c

    • SHA1

      1a4aac8d94e87de0717ab5d101510d49e07d20ac

    • SHA256

      eb97eed5c2bc0857e6904ff06e4da8f4345b42253620d3bdf30ec14b11ac8485

    • SHA512

      45b62ac8884b44b2bbdfa448320cd580f52c593e9848007cd55f5784adc32ee77d0b6d5277872ed48f01bad418ea7e6bda7bc327486c6337145db56cb933e605

    • SSDEEP

      3072:crbYm66HKzLSFYuxN4eCeWC/qUq8e8hh:ObYn/SelW/qUq

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Tasks