General
-
Target
9146ddf27e66cac77b843cdc81991c49.exe
-
Size
304KB
-
Sample
241005-ehcgtstgqm
-
MD5
9146ddf27e66cac77b843cdc81991c49
-
SHA1
9beaa67864a04822c374bde867db18671708bc9a
-
SHA256
5913ec84369b5769c39bb17281ede29c99c5bf8ef78c23075640df40a92b1f31
-
SHA512
368005fae3a4e10fc08c94aa41d2fa28e3b89ce80703a76a86d1706ece8f731a6c8a8c652bfa6a348f62935108126b7683969dfc1977cc29916f1cd79a6191b5
-
SSDEEP
3072:wq6EgY6iYrUjL849wPzoSsT0TAztASiYlcZqf7D34teqiOLibBOu:zqY6i3wPXsT0TAZAilcZqf7DIXL
Malware Config
Extracted
redline
cookie
185.218.125.157:21441
Targets
-
-
Target
9146ddf27e66cac77b843cdc81991c49.exe
-
Size
304KB
-
MD5
9146ddf27e66cac77b843cdc81991c49
-
SHA1
9beaa67864a04822c374bde867db18671708bc9a
-
SHA256
5913ec84369b5769c39bb17281ede29c99c5bf8ef78c23075640df40a92b1f31
-
SHA512
368005fae3a4e10fc08c94aa41d2fa28e3b89ce80703a76a86d1706ece8f731a6c8a8c652bfa6a348f62935108126b7683969dfc1977cc29916f1cd79a6191b5
-
SSDEEP
3072:wq6EgY6iYrUjL849wPzoSsT0TAztASiYlcZqf7D34teqiOLibBOu:zqY6i3wPXsT0TAZAilcZqf7DIXL
Score10/10-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
MITRE ATT&CK Enterprise v15
Defense Evasion
Modify Registry
1Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2