General

  • Target

    b2c00c914ff4416907380cb938fef25b62837723a87726c3551be35860ee9393

  • Size

    267KB

  • Sample

    230616-nhzrsseg39

  • MD5

    e3cb4fe969159a9a5e9a1e5782179417

  • SHA1

    0735942245a4cdcef16788469f7bb47590cb84ed

  • SHA256

    b2c00c914ff4416907380cb938fef25b62837723a87726c3551be35860ee9393

  • SHA512

    c6a5cb381002003d58a754f423b2a7386db3eb8e93ebbfc8fc7c57e5d352e05d3d17531e7f34b31a9d7962a56dd518b10590268e9498c4bae23703b113a86818

  • SSDEEP

    3072:yFVdIIow+0ZdyyRraH2IbRBOmjHgwSvCHTMrVNxRgmlz1ofAx:b4+h2IbemjAwzIrZRgmlzK

Malware Config

Extracted

  • Family

    redline

  • Botnet

    joker

  • C2

    83.97.73.130:19061

  • Attributes

    auth_value: a98d303cc28bb3b32a23c59214ae3bc0

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 1

  • Discovery

    Query Registry (T1012): 1

  • Collection

    Data from Local System (T1005): 1

Tasks