redline | 0bc3bf3d578af6f367f2ba1e2684c686ab2339fbcaa3edd38e83789a692df1e2 | Triage

Submit
Reports

Overview

overview

Static

static

1

0bc3bf3d57...e2.exe

windows7-x64

0bc3bf3d57...e2.exe

windows10-2004-x64

Sharing

General

Target

0bc3bf3d578af6f367f2ba1e2684c686ab2339fbcaa3edd38e83789a692df1e2.exe
Size

313KB
Sample

230322-zl735adc21
MD5

f766e02da046dcd0b34eed69e2c68182
SHA1

b37a62cc2e299e204f64a741a532685bfd42289f
SHA256

0bc3bf3d578af6f367f2ba1e2684c686ab2339fbcaa3edd38e83789a692df1e2
SHA512

2a88b490526c09abc76ea28cb5e81733a5afb1571783e38c36595bd48b45350f2f70dceacee65c03e880d43a6e544e36b499cf9aa47b96baa7861b7eff0ae3db
SSDEEP

6144:Q+kiHuUvh9Qfpe08PcowUm6GQhT+hF96JRTTfmCtdS8tpqj:Q+kiHxzQfpN8sUmVQohF4JxNdSm0j

Score

10^/10

redline dozk discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

0bc3bf3d578af6f367f2ba1e2684c686ab2339fbcaa3edd38e83789a692df1e2.exe

Resource

win7-20230220-en

redline dozk discovery infostealer spyware stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

0bc3bf3d578af6f367f2ba1e2684c686ab2339fbcaa3edd38e83789a692df1e2.exe

Resource

win10v2004-20230220-en

redline dozk discovery infostealer spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

dozk

C2

91.215.85.15:25916

Attributes

auth_value
9f1dc4ff242fb8b53742acae0ef96143

Targets

- Target
  
  0bc3bf3d578af6f367f2ba1e2684c686ab2339fbcaa3edd38e83789a692df1e2.exe
- Size
  
  313KB
- MD5
  
  f766e02da046dcd0b34eed69e2c68182
- SHA1
  
  b37a62cc2e299e204f64a741a532685bfd42289f
- SHA256
  
  0bc3bf3d578af6f367f2ba1e2684c686ab2339fbcaa3edd38e83789a692df1e2
- SHA512
  
  2a88b490526c09abc76ea28cb5e81733a5afb1571783e38c36595bd48b45350f2f70dceacee65c03e880d43a6e544e36b499cf9aa47b96baa7861b7eff0ae3db
- SSDEEP
  
  6144:Q+kiHuUvh9Qfpe08PcowUm6GQhT+hF96JRTTfmCtdS8tpqj:Q+kiHxzQfpN8sUmVQohF4JxNdSm0j
Score

10^/10

redline dozk discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

redlinedozkdiscoveryinfostealerspywarestealer

behavioral2

redlinedozkdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy