General

  • Target

    94d7d12ae53ce97f38d8890383c2317ce03d45bd6ecaf0e0b9165c7066cd300c

  • Size

    300KB

  • Sample

    241213-aqhatstrhp

  • MD5

    7b6730ca4da283a35c41b831b9567f15

  • SHA1

    92ef2fd33f713d72207209ec65f0de6eef395af5

  • SHA256

    94d7d12ae53ce97f38d8890383c2317ce03d45bd6ecaf0e0b9165c7066cd300c

  • SHA512

    ae2d10f9895e5f2af10b4fa87cdb7c930a531e910b55cd752b15dac77a432cc28eca6e5b32b95eeb21e238aaf2eb57e29474660cae93e734d0b6543c1d462ace

  • SSDEEP

    3072:acZqf7D34kp/0+mA0kywMlQEg85fB1fA0PuTVAtkxzy3RMeqiOL2bBOA:acZqf7DIcnGCQNB1fA0GTV8kU0L

Malware Config

Extracted

Family

redline

Botnet

eewx

C2

185.81.68.147:1912

Targets

    • Target

      94d7d12ae53ce97f38d8890383c2317ce03d45bd6ecaf0e0b9165c7066cd300c

    • Size

      300KB

    • MD5

      7b6730ca4da283a35c41b831b9567f15

    • SHA1

      92ef2fd33f713d72207209ec65f0de6eef395af5

    • SHA256

      94d7d12ae53ce97f38d8890383c2317ce03d45bd6ecaf0e0b9165c7066cd300c

    • SHA512

      ae2d10f9895e5f2af10b4fa87cdb7c930a531e910b55cd752b15dac77a432cc28eca6e5b32b95eeb21e238aaf2eb57e29474660cae93e734d0b6543c1d462ace

    • SSDEEP

      3072:acZqf7D34kp/0+mA0kywMlQEg85fB1fA0PuTVAtkxzy3RMeqiOL2bBOA:acZqf7DIcnGCQNB1fA0GTV8kU0L

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Redline family

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.