General
-
Target
9d1211b3869ca43840b7da1677b257ad37521aab47719c6fcfe343121760b746
-
Size
312KB
-
Sample
240911-z546kstfla
-
MD5
389881b424cf4d7ec66de13f01c7232a
-
SHA1
d3bc5a793c1b8910e1ecc762b69b3866e4c5ba78
-
SHA256
9d1211b3869ca43840b7da1677b257ad37521aab47719c6fcfe343121760b746
-
SHA512
2b9517d5d9d972e8754a08863a29e3d3e3cfde58e20d433c85546c2298aad50ac8b069cafd5abb3c86e24263d662c6e1ea23c0745a2668dfd215ddbdfbd1ab96
-
SSDEEP
6144:mmAUwI0Q3r6UBqC7e8O5rvH9MMoBfOWf6dX/mY9Row3:mmANIL3OUBqC7e15M/6d/Mw3
Malware Config
Extracted
redline
LiveTraffic
95.179.250.45:26212
Targets
-
-
Target
9d1211b3869ca43840b7da1677b257ad37521aab47719c6fcfe343121760b746
-
Size
312KB
-
MD5
389881b424cf4d7ec66de13f01c7232a
-
SHA1
d3bc5a793c1b8910e1ecc762b69b3866e4c5ba78
-
SHA256
9d1211b3869ca43840b7da1677b257ad37521aab47719c6fcfe343121760b746
-
SHA512
2b9517d5d9d972e8754a08863a29e3d3e3cfde58e20d433c85546c2298aad50ac8b069cafd5abb3c86e24263d662c6e1ea23c0745a2668dfd215ddbdfbd1ab96
-
SSDEEP
6144:mmAUwI0Q3r6UBqC7e8O5rvH9MMoBfOWf6dX/mY9Row3:mmANIL3OUBqC7e15M/6d/Mw3
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2