General

  • Target

    file.exe

  • Size

    327KB

  • Sample

    230616-cgn35acb9t

  • MD5

    c0f1ad8e4509bf82f5d9a2dad26007a2

  • SHA1

    272521fc0cca11d57de27bbee8e82735cf2354aa

  • SHA256

    441bb4d4e051b2c79398a8cd8aa996a8694c6ddc8ac8b1442c69c469f4cb74b5

  • SHA512

    b0fbd7a877dd4ed579f6969428b0a05066cfcd5bff4066f2af075a19aa36b316d98df137a078958e1239bbd794ee19e3e89475f55287f973c283d88661306dd4

  • SSDEEP

    6144:omycZaHdH+0eqGTFE5LlGTy1Ak3tKxz6am099crDoH:omhZa9reqOE5LlGTyfPw

Malware Config

Extracted

  • Family

    redline

  • Botnet

    @Germany

  • C2

    185.81.68.115:2920

Attributes

  • auth_value

    9d15d78194367a949e54a07d6ce02c62

Targets

    • Target

      file.exe

    • Size

      327KB

    • MD5

      c0f1ad8e4509bf82f5d9a2dad26007a2

    • SHA1

      272521fc0cca11d57de27bbee8e82735cf2354aa

    • SHA256

      441bb4d4e051b2c79398a8cd8aa996a8694c6ddc8ac8b1442c69c469f4cb74b5

    • SHA512

      b0fbd7a877dd4ed579f6969428b0a05066cfcd5bff4066f2af075a19aa36b316d98df137a078958e1239bbd794ee19e3e89475f55287f973c283d88661306dd4

    • SSDEEP

      6144:omycZaHdH+0eqGTFE5LlGTy1Ak3tKxz6am099crDoH:omhZa9reqOE5LlGTyfPw

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive account data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6
