General

  • Target: 1cf61889eb384eb6c7a802ea321cef67f89a9d98a8ebda4b6932f18d04f970e9
  • Size: 363KB
  • Sample: 221031-1vy29aedan
  • MD5: 93f7660beff9522e5f78452dcb2feb67
  • SHA1: 76b18162ed6077db0397050807f1debffa7de02f
  • SHA256: 1cf61889eb384eb6c7a802ea321cef67f89a9d98a8ebda4b6932f18d04f970e9
  • SHA512: 20179c9f201580aefa2a558d6c973fcfbae74d92ed39f80a2ddf9da6d1d2b012cbeb1aa391d11c1881afc1a9558761dbd4bb2fb0f4a53629d3d909eee7287692
  • SSDEEP: 6144:SEWzZTytzdL4XSKsUpkRH0kiPs7EUyBgiFHDAWlT76uin3hPq:SEiZ21dIS7RHdn71QFlnLitq

Malware Config

Extracted

  • Family: redline
  • Botnet: doz
  • C2: 193.106.191.21:47242
  • Attributes
    • auth_value: 0c1f6245fdf34473eba636d447c5c2a3

Targets

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
