General

  • Target

    a9d098e9a73fa5f1240d7b00540fa54472863eac62df2.exe

  • Size

    297KB

  • Sample

    240708-d5wzbasglc

  • MD5

    6af0d257379359b8573fa70c242ccb57

  • SHA1

    5bed79e1eb4e65d717f859997773c67fa1af2f99

  • SHA256

    a9d098e9a73fa5f1240d7b00540fa54472863eac62df23fe50e84f1b4c045d91

  • SHA512

    35a19b44a2d2a0763cdee5444b2dd5f9ff02357b17fb67a93ec8b594465932c2346289e11ea3ca5e264d5e1bd176e2e96a6cfe1fe6cd2a89fbf86726c1681a48

  • SSDEEP

    3072:oqFFrqwIOGRHy9MGSwTcrCXi0NrskhdNX3TZ0fHIucZqf7D34NeqiOLCbBO8:7BIOGPrCX5dV3TZi/cZqf7DI3L

Malware Config

Extracted

Family

redline

Botnet

LOG_VNC

C2

51.81.126.51:3888

Targets

    • Target

      a9d098e9a73fa5f1240d7b00540fa54472863eac62df2.exe

    • Size

      297KB

    • MD5

      6af0d257379359b8573fa70c242ccb57

    • SHA1

      5bed79e1eb4e65d717f859997773c67fa1af2f99

    • SHA256

      a9d098e9a73fa5f1240d7b00540fa54472863eac62df23fe50e84f1b4c045d91

    • SHA512

      35a19b44a2d2a0763cdee5444b2dd5f9ff02357b17fb67a93ec8b594465932c2346289e11ea3ca5e264d5e1bd176e2e96a6cfe1fe6cd2a89fbf86726c1681a48

    • SSDEEP

      3072:oqFFrqwIOGRHy9MGSwTcrCXi0NrskhdNX3TZ0fHIucZqf7D34NeqiOLCbBO8:7BIOGPrCX5dV3TZi/cZqf7DI3L

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks