redline | 9fc2a0858f7a6cc44e72c22d5305fb13dec4c9ff0f78aaf1857c8434abdee2ba | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10-1703-x64

Sharing

General

Target

9fc2a0858f7a6cc44e72c22d5305fb13dec4c9ff0f78aaf1857c8434abdee2ba
Size

352KB
Sample

230324-ralfzseg58
MD5

ad2b8ac2e0d0a023ca6004d27711fe1a
SHA1

a9e85569f6e0a7612706d3651cbe6b9a29a67d02
SHA256

9fc2a0858f7a6cc44e72c22d5305fb13dec4c9ff0f78aaf1857c8434abdee2ba
SHA512

bbf62e8acd8c5f48eb604e6a993b2af634384fde347a37a978bd636b84c3ed0bcac9bd5f8e23302c640f7a9637b94ef1f51d3dfe5762ecbaef8f2d94323a5064
SSDEEP

6144:Ajeu+jlc6bgFpH7PDnwDEnwSY5cGyFr6fwSb9zYj:YevjlcCgFpbjS5cLFmfwStA

Score

10^/10

redline dozk discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

9fc2a0858f7a6cc44e72c22d5305fb13dec4c9ff0f78aaf1857c8434abdee2ba.exe

Resource

win10-20230220-en

redline dozk discovery infostealer spyware stealer

windows10-1703-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

dozk

C2

91.215.85.15:25916

Attributes

auth_value
9f1dc4ff242fb8b53742acae0ef96143

Targets

- Target
  
  9fc2a0858f7a6cc44e72c22d5305fb13dec4c9ff0f78aaf1857c8434abdee2ba
- Size
  
  352KB
- MD5
  
  ad2b8ac2e0d0a023ca6004d27711fe1a
- SHA1
  
  a9e85569f6e0a7612706d3651cbe6b9a29a67d02
- SHA256
  
  9fc2a0858f7a6cc44e72c22d5305fb13dec4c9ff0f78aaf1857c8434abdee2ba
- SHA512
  
  bbf62e8acd8c5f48eb604e6a993b2af634384fde347a37a978bd636b84c3ed0bcac9bd5f8e23302c640f7a9637b94ef1f51d3dfe5762ecbaef8f2d94323a5064
- SSDEEP
  
  6144:Ajeu+jlc6bgFpH7PDnwDEnwSY5cGyFr6fwSb9zYj:YevjlcCgFpbjS5cLFmfwStA
Score

10^/10

redline dozk discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinedozkdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy