General

  • Target

    1ca8f444f95c2cd9817ce6ab789513e55629c0e0ac0d2b7b552d402517e7cfe9

  • Size

    300KB

  • Sample

    240112-2xg27agbe7

  • MD5

    2c470494b6dc68b2346e42542d80a0fd

  • SHA1

    87ce1483571bf04d67be4c8cb12fb7dfef4ba299

  • SHA256

    1ca8f444f95c2cd9817ce6ab789513e55629c0e0ac0d2b7b552d402517e7cfe9

  • SHA512

    c07332228810928b01aba94119e0f93339c08e55ad656d2eaff5c7647e42bbf5ab529232163fb1bbd14af3331a49d0fb537cfb5eb83565f674155e53d4ae41b5

  • SSDEEP

    3072:s29LP/YAQlW30GLsmAwNr12pGuhTMo1syKXFWnO3TRGfx01h7AykPMRqT6Dv/Yi5:x2dmA42gST981BcxKBA9PMRqT6D4wL

Malware Config

Extracted

Family

redline

Botnet

2024

C2

195.20.16.103:20440

Targets

    • Target

      1ca8f444f95c2cd9817ce6ab789513e55629c0e0ac0d2b7b552d402517e7cfe9

    • Size

      300KB

    • MD5

      2c470494b6dc68b2346e42542d80a0fd

    • SHA1

      87ce1483571bf04d67be4c8cb12fb7dfef4ba299

    • SHA256

      1ca8f444f95c2cd9817ce6ab789513e55629c0e0ac0d2b7b552d402517e7cfe9

    • SHA512

      c07332228810928b01aba94119e0f93339c08e55ad656d2eaff5c7647e42bbf5ab529232163fb1bbd14af3331a49d0fb537cfb5eb83565f674155e53d4ae41b5

    • SSDEEP

      3072:s29LP/YAQlW30GLsmAwNr12pGuhTMo1syKXFWnO3TRGfx01h7AykPMRqT6Dv/Yi5:x2dmA42gST981BcxKBA9PMRqT6D4wL

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks