General

  • Target

    5b72c9fe15c2e361e3639b8130ddf1db0d5ddaffb1cfb9ef385cc4048abeb1e2

  • Size

    287KB

  • Sample

    230321-az2e3aga68

  • MD5

    c05b82b11efe1b223fc5c97d9989ae22

  • SHA1

    5bf51fa9c30bb5964e9129ce9b381d753aee576c

  • SHA256

    5b72c9fe15c2e361e3639b8130ddf1db0d5ddaffb1cfb9ef385cc4048abeb1e2

  • SHA512

    7fd6515b3b02fac0d4c6cf46ce9c946ed5d25796603ea64b301ac445c0be1fffe078064f03fc78ff35c3f472969c6f08b7401c0079ac7ed8c785527fce87e92a

  • SSDEEP

    3072:94fn8c7QIo2mxaTe20vhwqzNGUiXphCv74uBAJ+d/st23Cs2sClNzKGs8Kyy4445:MnVsuQ5xzNq1VEsAyHVlHs8K3

Malware Config

Extracted

Family

redline

Botnet

dozk

C2

91.215.85.15:25916

Attributes
  • auth_value

    9f1dc4ff242fb8b53742acae0ef96143

Targets

    • Target

      5b72c9fe15c2e361e3639b8130ddf1db0d5ddaffb1cfb9ef385cc4048abeb1e2

    • Size

      287KB

    • MD5

      c05b82b11efe1b223fc5c97d9989ae22

    • SHA1

      5bf51fa9c30bb5964e9129ce9b381d753aee576c

    • SHA256

      5b72c9fe15c2e361e3639b8130ddf1db0d5ddaffb1cfb9ef385cc4048abeb1e2

    • SHA512

      7fd6515b3b02fac0d4c6cf46ce9c946ed5d25796603ea64b301ac445c0be1fffe078064f03fc78ff35c3f472969c6f08b7401c0079ac7ed8c785527fce87e92a

    • SSDEEP

      3072:94fn8c7QIo2mxaTe20vhwqzNGUiXphCv74uBAJ+d/st23Cs2sClNzKGs8Kyy4445:MnVsuQ5xzNq1VEsAyHVlHs8K3

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Collection

Data from Local System

2
T1005

Tasks