General

  • Target

    f8086505.exe

  • Size

    172KB

  • Sample

    230612-e99xeabd31

  • MD5

    6a5722a1874b3243058b54c30ecf7992

  • SHA1

    2132375423ecf7c3b9a396abb9cf32e6b4dcc143

  • SHA256

    a315335b3aa261cfb29b4198d9aee51202cce30efb1d184f4d8f943ec5f769d5

  • SHA512

    0f0a2ea7d32cd49938bacbc2975c9e5159ce250c1beb16b5b779e1ff3bfc74a5c4ce37369b380ee66fe330a254b4caf7cd127c8bc9e299241e4796b4708f3458

  • SSDEEP

    3072:qhiSbCnywYdhlHTzBQxNVGVbtlQn8e8hX:UiSbVFp22lQn

Malware Config

Extracted

Family

redline

Botnet

doro

C2

83.97.73.129:19068

Attributes
  • auth_value

    03f411441fb3fa233179c2cc8ffbce27

Targets

    • Target

      f8086505.exe

    • Size

      172KB

    • MD5

      6a5722a1874b3243058b54c30ecf7992

    • SHA1

      2132375423ecf7c3b9a396abb9cf32e6b4dcc143

    • SHA256

      a315335b3aa261cfb29b4198d9aee51202cce30efb1d184f4d8f943ec5f769d5

    • SHA512

      0f0a2ea7d32cd49938bacbc2975c9e5159ce250c1beb16b5b779e1ff3bfc74a5c4ce37369b380ee66fe330a254b4caf7cd127c8bc9e299241e4796b4708f3458

    • SSDEEP

      3072:qhiSbCnywYdhlHTzBQxNVGVbtlQn8e8hX:UiSbVFp22lQn

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Tasks