General

  • Target

    99d3e8e677488bed6f7ab10988da7eff0abc3032659aa1306951d9e60dcd1524

  • Size

    362KB

  • Sample

    221120-wkpcvaee2x

  • MD5

    c394cbac9c4884f4c7bff33beda67a49

  • SHA1

    9f96d35177d79c6309119b3839f9881f3ae7a3df

  • SHA256

    65e8f9415581f21ff6a5b0ba05df7f22acf565b2bb5d959ba7fa297e3a576d92

  • SHA512

    44b2c91286682471efffc5cd6ca4e86e9855666bf395cb34520089d45b176e38a30771daaea8e25105cf8090d1f93718c07229ca5b3491ff39b0e538a36dc8c7

  • SSDEEP

    6144:r+jh7NQbaIfOm4cnHljA1U2TQldVyOH+54bqUEat5+RaUDTgvDIYs30MAlIMk:r+zxIz4IFjA1jYpH+qb6ewBgctAlu

Malware Config

Extracted

Family

redline

Botnet

dozkey

C2

193.106.191.30:47242

Attributes

  • auth_value

    6386fb6f33ca338f864abfc5f8fe1774

Targets

    • Target

      99d3e8e677488bed6f7ab10988da7eff0abc3032659aa1306951d9e60dcd1524

    • Size

      483KB

    • MD5

      fde962fdbfea3dbac3497bd5c48cf5db

    • SHA1

      b1af9c9043f2f6fa7c3bb805420b669b8f53f399

    • SHA256

      99d3e8e677488bed6f7ab10988da7eff0abc3032659aa1306951d9e60dcd1524

    • SHA512

      1bf0a0bb4de634a3b6740861b1e8c6af590f27bf2e2e04f0ccfacd9f607986f2d563d189035f403714fc4b96f164ab499f71a82c4a34e2ab11076f7eab69c2b3

    • SSDEEP

      6144:NCZGbaIfCm4cnHDjA1U2xQldVyO3+94b21hvUrCZhVV4E+O13oXc:8Z3Iv4IjjA1jSp3+eb2F0DO

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                 ID      Count
  Credential Access   Credentials in Files      T1081   2
  Discovery           Query Registry            T1012   1
  Collection          Data from Local System    T1005   2