Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    329KB

  • Sample

    221121-j4zlpsah87

  • MD5

    5d0cc8f91951c3ee8feb0a84362a7d08

  • SHA1

    29f76338287d37482c38bb0afb17c8bf50ac6fe2

  • SHA256

    f29190f00b2eb1f1452fb444e4668e8eeb23a7f29b97d3824e9ed688e8c8135f

  • SHA512

    e97e734e3b22e51bb645bc6fa82fefb2fd162d79864b4cffd899bfee70c1208edac0ed6238b01d056efe133196188d214e2b0f053be94d46bd0cd931a225b392

  • SSDEEP

    6144:gKAtFDWraYjM74hoahhPs+Kd35MiNf81lyvVLkhOrS6QkbFew:gKU5xY4Eh7sp/tfJvJkIFQ8w

Score
10/10
redlinedozkeydiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

dozkey

C2

193.106.191.30:47242

Attributes
  • auth_value

    6386fb6f33ca338f864abfc5f8fe1774

Targets

    • Target

      file.exe

    • Size

      329KB

    • MD5

      5d0cc8f91951c3ee8feb0a84362a7d08

    • SHA1

      29f76338287d37482c38bb0afb17c8bf50ac6fe2

    • SHA256

      f29190f00b2eb1f1452fb444e4668e8eeb23a7f29b97d3824e9ed688e8c8135f

    • SHA512

      e97e734e3b22e51bb645bc6fa82fefb2fd162d79864b4cffd899bfee70c1208edac0ed6238b01d056efe133196188d214e2b0f053be94d46bd0cd931a225b392

    • SSDEEP

      6144:gKAtFDWraYjM74hoahhPs+Kd35MiNf81lyvVLkhOrS6QkbFew:gKU5xY4Eh7sp/tfJvJkIFQ8w

    Score
    10/10
    redlinedozkeydiscoveryinfostealerspywarestealer

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

      infostealerredline

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks