General

  • Target

    f7b57a665ac90377683c434a04b8b6894c369d34fdb03273778a8c9f8fdbb262

  • Size

    304KB

  • Sample

    240812-fsz7bawhrm

  • MD5

    1b099f749669dfe00b4177988018fc40

  • SHA1

    c007e18cbe95b286b146531a01dde05127ebd747

  • SHA256

    f7b57a665ac90377683c434a04b8b6894c369d34fdb03273778a8c9f8fdbb262

  • SHA512

    87dc26b28cb2c43c788d9ae9ef384b69be52b27500bc23cdc6acc8567e51705d99ef942cdc0b23fa6a7c84d4ddaaa8f05865a8e7bb4ad943ba5deabf7a4105fd

  • SSDEEP

    3072:Oq6EgY6iwrUjdy68KwPMCqJRn7cTAVtAaK0FcZqf7D341eqiOLibBOU:1qY6ihwPIzn7cTAbAqFcZqf7DIfL

Malware Config

Extracted

Family

redline

C2

185.215.113.9:12617

Targets

    • Target

      f7b57a665ac90377683c434a04b8b6894c369d34fdb03273778a8c9f8fdbb262

    • Size

      304KB

    • MD5

      1b099f749669dfe00b4177988018fc40

    • SHA1

      c007e18cbe95b286b146531a01dde05127ebd747

    • SHA256

      f7b57a665ac90377683c434a04b8b6894c369d34fdb03273778a8c9f8fdbb262

    • SHA512

      87dc26b28cb2c43c788d9ae9ef384b69be52b27500bc23cdc6acc8567e51705d99ef942cdc0b23fa6a7c84d4ddaaa8f05865a8e7bb4ad943ba5deabf7a4105fd

    • SSDEEP

      3072:Oq6EgY6iwrUjdy68KwPMCqJRn7cTAVtAaK0FcZqf7D341eqiOLibBOU:1qY6ihwPIzn7cTAbAqFcZqf7DIfL

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks