General

  • Target

    9565591ec72c0ce38c83852516d526585b934e0346afff5a85e1a7aaeb50f395

  • Size

    467KB

  • Sample

    230322-n7atzagf52

  • MD5

    be1af041b6208491ac3e908f3388c775

  • SHA1

    70f00e3435971af66b66de9753b39443779b3ac7

  • SHA256

    9565591ec72c0ce38c83852516d526585b934e0346afff5a85e1a7aaeb50f395

  • SHA512

    5ff7a8737ad852d861f4d28cdf1d08ede2a1732c70cafb1e4316eb77f43c53d950ff3a9aab724f19a6f2a4ed290413033f62e82079f75b22884b55471e3396fb

  • SSDEEP

    3072:l22GlhgH/sWjuaSl47XMAiPFW6+3FAqev2qVNEzFvpa8NbQigb8vknTidoWNwziD:2Ux08l36qY2qzEBJeiBvXVGiFvC2q

Malware Config

Extracted

Family

redline

Botnet

dozk

C2

91.215.85.15:25916

Attributes
  • auth_value

    9f1dc4ff242fb8b53742acae0ef96143
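The extracted config and the file hashes above are the indicators a defender would act on. As an added example that is not part of the report, the following Python turns them into two checks: a hunt over firewall log lines for connections to the extracted C2 endpoint, and a digest comparison for a file suspected to be this sample. The log line format, the sample log lines and the placeholder file bytes are constructed for the example; only the IP, port and hashes are taken from the report.

```python
import hashlib
import re
from collections import namedtuple

# IOCs copied from the report. The hashes identify the sample itself; the
# C2 endpoint comes from the extracted RedLine config.
SAMPLE_HASHES = {
    "md5": "be1af041b6208491ac3e908f3388c775",
    "sha1": "70f00e3435971af66b66de9753b39443779b3ac7",
    "sha256": "9565591ec72c0ce38c83852516d526585b934e0346afff5a85e1a7aaeb50f395",
}
C2_HOST, C2_PORT = "91.215.85.15", 25916

# Hypothetical firewall log format (constructed for this example, not a real product's):
#   <timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto> <action>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+) (?P<proto>\w+) (?P<action>\w+)$"
)

Hit = namedtuple("Hit", "ts src dst dport action")


def find_c2_connections(lines, host=C2_HOST, port=C2_PORT):
    """Return every log line whose destination is the extracted C2 host AND port.
    Malformed lines are skipped rather than raising, so one bad record does
    not abort a hunt over a large log."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        if m["dst"] == host and int(m["dport"]) == port:
            hits.append(Hit(m["ts"], m["src"], m["dst"], int(m["dport"]), m["action"]))
    return hits


def hash_blob(data):
    """Compute the three digests the report lists (SHA-512 omitted for brevity)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(data, known=SAMPLE_HASHES):
    """Compare a file's digests against the report's hashes, per algorithm.
    SHA-256 alone is sufficient to identify the build; MD5 and SHA-1 are kept
    only because older feeds and tickets still key on them."""
    digests = hash_blob(data)
    return {algo: digests[algo] == known[algo] for algo in known}


# Constructed log lines: two benign flows, two flows to the C2 on its configured
# port (one allowed, one denied), one to the same host on a different port
# (not a hit for this config), and one unparseable line.
SAMPLE_LOG = [
    "2023-03-22T10:01:02Z 10.0.0.12:49201 -> 142.250.74.46:443 TCP ALLOW",
    "2023-03-22T10:01:05Z 10.0.0.12:49202 -> 91.215.85.15:25916 TCP ALLOW",
    "2023-03-22T10:01:09Z 10.0.0.12:49203 -> 91.215.85.15:443 TCP ALLOW",
    "garbage line that does not parse",
    "2023-03-22T10:02:30Z 10.0.0.33:51000 -> 91.215.85.15:25916 TCP DENY",
]

if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_LOG):
        print(f"{hit.ts} {hit.src} -> {hit.dst}:{hit.dport} ({hit.action})")
    # A placeholder byte string stands in for the binary, which is not on the page.
    print(matches_sample(b"not the real sample"))
```

The port is part of the match on purpose: a flow to 91.215.85.15 on another port is not evidence of this particular config. A denied flow is still worth a ticket, since the source host attempted the beacon. Treat the C2 address as a point-in-time observation from this sandbox run and expire it; the SHA-256 identifies only this exact build.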

Targets

    • Target

      9565591ec72c0ce38c83852516d526585b934e0346afff5a85e1a7aaeb50f395

    • Size

      467KB

    • MD5

      be1af041b6208491ac3e908f3388c775

    • SHA1

      70f00e3435971af66b66de9753b39443779b3ac7

    • SHA256

      9565591ec72c0ce38c83852516d526585b934e0346afff5a85e1a7aaeb50f395

    • SHA512

      5ff7a8737ad852d861f4d28cdf1d08ede2a1732c70cafb1e4316eb77f43c53d950ff3a9aab724f19a6f2a4ed290413033f62e82079f75b22884b55471e3396fb

    • SSDEEP

      3072:l22GlhgH/sWjuaSl47XMAiPFW6+3FAqev2qVNEzFvpa8NbQigb8vknTidoWNwziD:2Ux08l36qY2qzEBJeiBvXVGiFvC2q

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser profile data, which can include saved credentials, cookies, and autofill form data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Enumerates the subkeys of the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its per-user / WOW6432Node equivalents) to build a list of software installed on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files, T1081 (2)

  • Discovery

    Query Registry, T1012 (1)

  • Collection

    Data from Local System, T1005 (2)

Tasks