General

  • Target

    bf447368e9d3f0ec34cd63d370831979.bin

  • Size

    242KB

  • Sample

    230712-cae7msbe64

  • MD5

    d042ee2d89c8e1d5a08e77af1b018b89

  • SHA1

    c573557e3c02cd6d5717bdfe8410706fc353e110

  • SHA256

    c08971e5483033751200f7db2557b373c935fa4fee30eb2d33886150144a6270

  • SHA512

    04a8ee35bf5ae11217561cd7dfa54abf63154d0c4b6810f3ed2030f3d772ad33e6c53ec27e6bdc729a7a52636d6c572dded16fca2f9c3a72095be12f8465e8bd

  • SSDEEP

    6144:5qWFzy5r4+e2TejKvrINT7I3P1xSScyqfMwV2PKf9C/qT:wWJ2e2TrvUNvI37HcyqwKfs/G

Malware Config

Extracted

Family

redline

Botnet

@Germany

C2

194.26.135.162:2920

Attributes
  • auth_value

    9d15d78194367a949e54a07d6ce02c62

Targets

    • Target

      7868e7c5e31315e7bb442bafbbc16addfeb4bda998b404491976aa271fbb78ef.exe

    • Size

      328KB

    • MD5

      bf447368e9d3f0ec34cd63d370831979

    • SHA1

      6d1ed6f41e7d2b566fe26eedc778eb5582c4a7bd

    • SHA256

      7868e7c5e31315e7bb442bafbbc16addfeb4bda998b404491976aa271fbb78ef

    • SHA512

      63e9feafb1adc3f008474a5f66bd498fb62fa3e2719abca0a7668ed04fb194b8e0d5d00bb37ee316a9d5972182cda7520aaf21148a0b0ab903873c6a522d38a4

    • SSDEEP

      6144:Yh+KLEk1qBC7ZyyZ684FVdQqZNlbU4yalCHFU4+gb5gFlr:k+Kgk1x4XV93lQ4yalsU47b

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks