General
-
Target
27955c80c620c31df686ccd2a92bce1d07e97c16fda6bd141812e9b0bdd7b06b.exe
-
Size
304KB
-
Sample
240726-wyx7xazble
-
MD5
a9a37926c6d3ab63e00b12760fae1e73
-
SHA1
944d6044e111bbad742d06852c3ed2945dc9e051
-
SHA256
27955c80c620c31df686ccd2a92bce1d07e97c16fda6bd141812e9b0bdd7b06b
-
SHA512
575485d1c53b1bf145c7385940423b16089cf9ab75404e2e9c7af42b594480470f0e28dadcddbd66e4cd469e45326a6eb4eb2362ccc37edb2a956d224e04cf97
-
SSDEEP
3072:aq6EgY6iQrUjGk14lwPK4qw9LwwPITAztASKwlcZqf7D34leqiOLibBOh:ZqY6iwwPIknATAZA+lcZqf7DIvL
Malware Config
Extracted
redline
25072023
185.215.113.67:40960
Targets
-
-
Target
27955c80c620c31df686ccd2a92bce1d07e97c16fda6bd141812e9b0bdd7b06b.exe
-
Size
304KB
-
MD5
a9a37926c6d3ab63e00b12760fae1e73
-
SHA1
944d6044e111bbad742d06852c3ed2945dc9e051
-
SHA256
27955c80c620c31df686ccd2a92bce1d07e97c16fda6bd141812e9b0bdd7b06b
-
SHA512
575485d1c53b1bf145c7385940423b16089cf9ab75404e2e9c7af42b594480470f0e28dadcddbd66e4cd469e45326a6eb4eb2362ccc37edb2a956d224e04cf97
-
SSDEEP
3072:aq6EgY6iQrUjGk14lwPK4qw9LwwPITAztASKwlcZqf7D34leqiOLibBOh:ZqY6iwwPIknATAZA+lcZqf7DIvL
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Matrix ATT&CK v13
Defense Evasion
Subvert Trust Controls
1Install Root Certificate
1Modify Registry
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2