General

  • Target

    0bc3bf3d578af6f367f2ba1e2684c686ab2339fbcaa3edd38e83789a692df1e2.exe

  • Size

    313KB

  • Sample

    230322-zl735adc21

  • MD5

    f766e02da046dcd0b34eed69e2c68182

  • SHA1

    b37a62cc2e299e204f64a741a532685bfd42289f

  • SHA256

    0bc3bf3d578af6f367f2ba1e2684c686ab2339fbcaa3edd38e83789a692df1e2

  • SHA512

    2a88b490526c09abc76ea28cb5e81733a5afb1571783e38c36595bd48b45350f2f70dceacee65c03e880d43a6e544e36b499cf9aa47b96baa7861b7eff0ae3db

  • SSDEEP

    6144:Q+kiHuUvh9Qfpe08PcowUm6GQhT+hF96JRTTfmCtdS8tpqj:Q+kiHxzQfpN8sUmVQohF4JxNdSm0j

Malware Config

Extracted

  • Family

    redline

  • Botnet

    dozk

  • C2

    91.215.85.15:25916

  • Attributes

    auth_value: 9f1dc4ff242fb8b53742acae0ef96143

Targets

    • Target

      0bc3bf3d578af6f367f2ba1e2684c686ab2339fbcaa3edd38e83789a692df1e2.exe

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and similar profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 2

  • Discovery

    Query Registry (T1012): 2

    Peripheral Device Discovery (T1120): 1

    System Information Discovery (T1082): 1

  • Collection

    Data from Local System (T1005): 2

Tasks