redline | acad6cadab44ae090515ab862d40b47aad0cf43f275f28d870af8def7399949c | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-2004-x64

Sharing

General

Target

acad6cadab44ae090515ab862d40b47aad0cf43f275f28d870af8def7399949c
Size

467KB
Sample

230322-lxtg8agb52
MD5

3ade6bcbe69fbd58b3792087e45e88ff
SHA1

d7499095da19277837555e0a4efbb3c78ea2a9a0
SHA256

acad6cadab44ae090515ab862d40b47aad0cf43f275f28d870af8def7399949c
SHA512

ca6592e6a4ba06f6bb18f95797d3736eb348d26cc3b073ffaa891422ddec69b33ecba291488256891062672418d1d0100027a4fff28a1c1cb1e016d6f2f61b79
SSDEEP

3072:664Tl4UC/2fjuaU7/eUJA77RezEEP4d+J4JX+UuJ2m/WfEAcfvHNG59ssI3KNrOq:bbaYmz70YEP4d+GJHuh+fPcXHk9ssq

Score

10^/10

redline dozk discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

acad6cadab44ae090515ab862d40b47aad0cf43f275f28d870af8def7399949c.exe

Resource

win10v2004-20230221-en

redline dozk discovery infostealer spyware stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

dozk

C2

91.215.85.15:25916

Attributes

auth_value
9f1dc4ff242fb8b53742acae0ef96143

Targets

- Target
  
  acad6cadab44ae090515ab862d40b47aad0cf43f275f28d870af8def7399949c
- Size
  
  467KB
- MD5
  
  3ade6bcbe69fbd58b3792087e45e88ff
- SHA1
  
  d7499095da19277837555e0a4efbb3c78ea2a9a0
- SHA256
  
  acad6cadab44ae090515ab862d40b47aad0cf43f275f28d870af8def7399949c
- SHA512
  
  ca6592e6a4ba06f6bb18f95797d3736eb348d26cc3b073ffaa891422ddec69b33ecba291488256891062672418d1d0100027a4fff28a1c1cb1e016d6f2f61b79
- SSDEEP
  
  3072:664Tl4UC/2fjuaU7/eUJA77RezEEP4d+J4JX+UuJ2m/WfEAcfvHNG59ssI3KNrOq:bbaYmz70YEP4d+GJHuh+fPcXHk9ssq
Score

10^/10

redline dozk discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinedozkdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy