General

  • Target: a5c24bf163f40eeb47ad12aada03cba2.bin
  • Size: 396KB
  • Sample: 240408-b22dhsch81
  • MD5: ce5d940dbf3bd882570365890afe7441
  • SHA1: 6b3d951079c0fef0b0756cf217e5901b5b5e485f
  • SHA256: 76a6587dfa699fe67623cb9a62dfb8982fa3c23f8e21da43930993af310bf98b
  • SHA512: 9810e75e54a39750a193bc8f4864ab40f0d63603b2824474030b1d8fc263426150ff2fd66d3d7630e944335bd13c0af6c1f0cf41864c7f5245714bc384327231
  • SSDEEP: 12288:B10gsUK9Y3AQVpC5TyKniY/f4VLxrl3kPn:z0g3ggk5ZnwXlUPn

Malware Config

Targets

    • Target: 88f9eb586f66f57f77ebc7164594547ce881999f525878161c49e205476a04b1.exe
    • Size: 945KB
    • MD5: a5c24bf163f40eeb47ad12aada03cba2
    • SHA1: c46819b55c1493c021ca69fcb219650949b6893e
    • SHA256: 88f9eb586f66f57f77ebc7164594547ce881999f525878161c49e205476a04b1
    • SHA512: 1f46271210d6bf7a0e23af8d171c6924e3b95474efa20f61aa41355f70c90119864154614d625e50db9fb7d5751fa57aa327e753f660218d8a87d39786d58e6c
    • SSDEEP: 12288:qp/gJFd/4LJ7QvyRlyB0h2LZUeqELMqtxz4fafR7iiDXSB53ofEF/vblU:s/UFC7YyRABcaUeqvq3iIo/vJ

    • RedLine
      RedLine Stealer is a malware family written in C#, first appearing in early 2020.
    • RedLine payload
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software installed on the system.

MITRE ATT&CK Enterprise v15

Tasks