General
Target: cookie250.exe
Size: 304KB
Sample: 240824-wpxj1svbqm
MD5: 1b099f749669dfe00b4177988018fc40
SHA1: c007e18cbe95b286b146531a01dde05127ebd747
SHA256: f7b57a665ac90377683c434a04b8b6894c369d34fdb03273778a8c9f8fdbb262
SHA512: 87dc26b28cb2c43c788d9ae9ef384b69be52b27500bc23cdc6acc8567e51705d99ef942cdc0b23fa6a7c84d4ddaaa8f05865a8e7bb4ad943ba5deabf7a4105fd
SSDEEP: 3072:Oq6EgY6iwrUjdy68KwPMCqJRn7cTAVtAaK0FcZqf7D341eqiOLibBOU:1qY6ihwPIzn7cTAbAqFcZqf7DIfL
Behavioral task: behavioral1
Sample: cookie250.exe
Resource: win11-20240802-en
Malware Config (extracted)
redline: 185.215.113.9:12617
Targets
Target: cookie250.exe
Size: 304KB
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious access to, or copying of, the web browser credential store.
-
Accesses cryptocurrency files/wallets; possible credential harvesting.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry (1)
Subvert Trust Controls (1)
Install Root Certificate (1)
Credential Access
Credentials from Password Stores (1)
Credentials from Web Browsers (1)
Unsecured Credentials (2)
Credentials In Files (2)