General

  • Target

    file

  • Size

    219KB

  • Sample

    231117-tmng8aag52

  • MD5

    5eea3c3e6eed0e15adffe67740046beb

  • SHA1

    a280848b1891466015cb065e354f49d5101468d8

  • SHA256

    6edc4cf5a676d8592ad06a2fd42f1153b093e2a8d4e1bd13d8c0ad2ef88d51b5

  • SHA512

    5d9255630c80bde682d3cfd642c882ae809d31d3a69022ef1cd9593a5d07b8a1ec2ea12e82bc8acd823f818259732ba1b0b20251e84b515ccc6893e1809d582e

  • SSDEEP

    3072:G8R+sV7KNgczVC/TrP0JakjSlJjRSdm11S3weY2KSY:dR5V7KNgcJ+rP0TSlJ0g11SAbJ

Malware Config

Extracted

Family

redline

Botnet

sq1

C2

194.169.175.220:30615
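The extracted config is only useful once it becomes a detection. The following is an added example (not part of the sandbox report) that turns the family, botnet and C2 fields above into a Suricata rule and then scans connection-log lines for traffic to the C2, distinguishing an exact IP:port hit from a connection to the same IP on another port. The log lines are constructed for illustration, and the line format (timestamp, src:port -> dst:port, proto) is an assumed firewall-export layout, not something the report specifies.

```python
"""Turn the RedLine config from this report into network detections and
check connection logs for C2 traffic.  Added example, not part of the
sandbox report; the log lines below are constructed."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class RedLineConfig:
    family: str
    botnet: str
    c2_host: str
    c2_port: int


# Values copied from the "Malware Config" section of this report.
CONFIG = RedLineConfig(family="redline", botnet="sq1",
                       c2_host="194.169.175.220", c2_port=30615)


def suricata_rule(cfg: RedLineConfig, sid: int = 1000001) -> str:
    """Emit a Suricata rule for outbound connections to the C2.
    The C2 sits on a non-standard port, so the rule matches on both
    address and port to keep false positives down."""
    return (f'alert tcp $HOME_NET any -> {cfg.c2_host} {cfg.c2_port} '
            f'(msg:"{cfg.family} C2 (botnet {cfg.botnet})"; '
            f'flow:to_server,established; sid:{sid}; rev:1;)')


# Assumed export layout: "<ts> <src>:<sport> -> <dst>:<dport> <proto>".
LOG_RE = re.compile(r'(?P<ts>\S+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s*->\s*'
                    r'(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\w+)')


def scan_connections(lines, cfg: RedLineConfig = CONFIG):
    """Return (timestamp, src, confidence) for each line touching the C2.
    'exact' = C2 IP and port; 'ip_only' = C2 IP on a different port,
    still worth a look but lower confidence.  Unparseable lines are
    skipped rather than raising."""
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m['dst'] != cfg.c2_host:
            continue
        conf = 'exact' if int(m['dport']) == cfg.c2_port else 'ip_only'
        hits.append((m['ts'], m['src'], conf))
    return hits


SAMPLE_LOG = [  # constructed firewall export, not data from the report
    "2023-11-17T09:58:41Z 10.0.0.5:51230 -> 93.184.216.34:443 tcp",
    "2023-11-17T10:01:02Z 10.0.0.5:51234 -> 194.169.175.220:30615 tcp",
    "2023-11-17T10:03:17Z 10.0.0.9:49822 -> 194.169.175.220:80 tcp",
    "malformed line that should be skipped",
]

if __name__ == "__main__":
    print(suricata_rule(CONFIG))
    for hit in scan_connections(SAMPLE_LOG):
        print(hit)
```

Feed a real export through `scan_connections` after adjusting `LOG_RE` to its layout; the `ip_only` hits are the ones to pivot on when the operator rotates ports between builds.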

Targets

    • Target

      file

    • Size

      219KB

    • MD5

      5eea3c3e6eed0e15adffe67740046beb

    • SHA1

      a280848b1891466015cb065e354f49d5101468d8

    • SHA256

      6edc4cf5a676d8592ad06a2fd42f1153b093e2a8d4e1bd13d8c0ad2ef88d51b5

    • SHA512

      5d9255630c80bde682d3cfd642c882ae809d31d3a69022ef1cd9593a5d07b8a1ec2ea12e82bc8acd823f818259732ba1b0b20251e84b515ccc6893e1809d582e

    • SSDEEP

      3072:G8R+sV7KNgczVC/TrP0JakjSlJjRSdm11S3weY2KSY:dR5V7KNgcJ+rP0TSlJ0g11SAbJ

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, including the WOW6432Node and HKCU variants) to enumerate installed software.
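Individually, each of the three behaviours above is noisy (browsers read their own profiles, installers read the Uninstall key). What makes them a stealer signal is one process doing all of them. The following is an added example, not part of the report, that correlates Windows Security event 4663 (object access) records per process and flags any process showing at least two of the behaviours. The events are constructed; the browser, wallet and Uninstall-key path patterns are my assumed set of common locations, and the record layout follows 4663's ProcessId / ProcessName / ObjectType / ObjectName fields.

```python
"""Correlate the host behaviours RedLine is reported with (browser
profile reads, wallet access, Uninstall-key enumeration) per process
from Windows Security 4663 records.  Added example, not from the
report; the events below are constructed and the path patterns are
an assumed set of common locations."""
import re
from collections import defaultdict

# Chromium-family and Firefox profile files that hold credentials/cookies.
BROWSER_DATA = re.compile(
    r'\\(Google\\Chrome|Microsoft\\Edge|BraveSoftware\\Brave-Browser)'
    r'\\User Data\\(.*\\)?(Login Data|Cookies|Web Data|Local State)$'
    r'|\\Mozilla\\Firefox\\Profiles\\.*\\(logins\.json|key4\.db|cookies\.sqlite)$',
    re.IGNORECASE)
# Common desktop wallet storage locations (assumed set, extend as needed).
WALLET_DATA = re.compile(
    r'\\(Exodus\\exodus\.wallet|Electrum\\wallets|Ethereum\\keystore|'
    r'atomic\\Local Storage)\\', re.IGNORECASE)
# Matches HKLM, WOW6432Node and HKCU variants of the Uninstall key.
UNINSTALL_KEY = re.compile(
    r'\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)', re.IGNORECASE)

# Browsers legitimately read their own profile; do not count them.
BROWSER_EXES = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}


def classify(event):
    """Map one 4663-style record to a behaviour tag, or None."""
    name, otype = event["ObjectName"], event["ObjectType"]
    exe = event["ProcessName"].rsplit("\\", 1)[-1].lower()
    if otype == "File":
        if BROWSER_DATA.search(name) and exe not in BROWSER_EXES:
            return "browser_data"
        if WALLET_DATA.search(name):
            return "wallet_data"
    elif otype == "Key" and UNINSTALL_KEY.search(name):
        return "uninstall_enum"
    return None


def correlate(events, min_tags=2):
    """Group tags by (ProcessId, ProcessName) and return the processes
    showing at least min_tags distinct behaviours, most tags first."""
    seen = defaultdict(set)
    for ev in events:
        tag = classify(ev)
        if tag:
            seen[(ev["ProcessId"], ev["ProcessName"])].add(tag)
    flagged = {k: sorted(v) for k, v in seen.items() if len(v) >= min_tags}
    return dict(sorted(flagged.items(), key=lambda kv: -len(kv[1])))


STEALER = r"C:\Users\alice\AppData\Local\Temp\file.exe"
EVENTS = [  # constructed 4663 records, not real telemetry
    {"ProcessId": "0x1a2c", "ProcessName": STEALER, "ObjectType": "File",
     "ObjectName": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"ProcessId": "0x1a2c", "ProcessName": STEALER, "ObjectType": "Key",
     "ObjectName": r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"ProcessId": "0x1a2c", "ProcessName": STEALER, "ObjectType": "File",
     "ObjectName": r"C:\Users\alice\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    # Benign: the browser reading its own profile.
    {"ProcessId": "0x0f10", "ProcessName": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "ObjectType": "File",
     "ObjectName": r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    # Benign: an installer enumerating the Uninstall key (one behaviour only).
    {"ProcessId": "0x0b44", "ProcessName": r"C:\Windows\System32\msiexec.exe",
     "ObjectType": "Key",
     "ObjectName": r"\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"},
]

if __name__ == "__main__":
    for proc, tags in correlate(EVENTS).items():
        print(proc, tags)
```

Producing 4663 for these paths requires a SACL on the browser profile directories, wallet directories and the Uninstall key; without that auditing in place the events simply do not exist, so check coverage before relying on this correlation.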

MITRE ATT&CK Enterprise v15

Tasks