General

  • Target

    06be538d980890259f83cc616d397bf4.bin

  • Size

    242KB

  • Sample

    230325-bc2mzscd8s

  • MD5

    f872d7f7bebc4ed40869167d956688d4

  • SHA1

    6fce8bb393bd6c435b44f60f5b7ffc8e15eff876

  • SHA256

    9c4d7bdf3e33ee7c1687b875100a5a8e83e2d17687ca5346db7d79ef3a17915b

  • SHA512

    c9e39a2a8646bf9c40bfc41b6894d963bae09714648b651179b766b2a95c9cbd6eda7826beedf8cdc1aa83086cc13edbf016a6c75421591889c3588c89cca8db

  • SSDEEP

    6144:yflVqQ1uiME/LduUqx+UZhZP2+YWDr+ux:Mvq4uiMQClZnPzr+a

Malware Config

Extracted

Family

redline

Botnet

dozk

C2

91.215.85.15:25916

Attributes
  • auth_value

    9f1dc4ff242fb8b53742acae0ef96143
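The hashes and C2 endpoint above are the actionable part of this report. The following is an added example (not part of the sandbox output or the RedLine tooling) that turns them into something a SOC can use: a hash-matching helper for triaging other files against the listed digests, and a generated Suricata rule for the extracted C2. The SSDEEP digests are left out because fuzzy matching needs a non-standard library; the rule SID, message text and the empty sample buffer are constructed for illustration.

```python
"""Turn the extracted RedLine IoCs into something a SOC can act on.

Added example, not part of the sandbox report: hashes and the C2 endpoint
are copied from the report above; the rule SID/msg and the sample bytes
are constructed for illustration.
"""
import hashlib
import ipaddress

# Indicators taken from the report (submitted .bin and extracted .exe payload).
REPORT_IOCS = {
    "md5": {"06be538d980890259f83cc616d397bf4",
            "f872d7f7bebc4ed40869167d956688d4"},
    "sha1": {"083875c97333f278823d3c938d743347c2243357",
             "6fce8bb393bd6c435b44f60f5b7ffc8e15eff876"},
    "sha256": {"ad4227d7167e62d588b09e1f04043088d048c81364534491945fd54b0fb58ad7",
               "9c4d7bdf3e33ee7c1687b875100a5a8e83e2d17687ca5346db7d79ef3a17915b"},
}
C2 = "91.215.85.15:25916"   # from the extracted config


def hash_bytes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of a buffer, lower-case hex, keyed like REPORT_IOCS."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_iocs(hashes: dict, iocs: dict = REPORT_IOCS) -> list:
    """Return the algorithms whose digest is on the IoC list (empty = no hit).

    Input digests are lower-cased so hashes pasted from other tools still match."""
    return sorted(alg for alg, digest in hashes.items()
                  if digest.lower() in iocs.get(alg, set()))


def parse_c2(endpoint: str) -> tuple:
    """Split the config's 'ip:port' string and validate both halves."""
    host, _, port = endpoint.rpartition(":")
    ip = ipaddress.ip_address(host)          # raises ValueError on junk
    port_num = int(port)
    if not 0 < port_num < 65536:
        raise ValueError(f"bad port {port!r}")
    return str(ip), port_num


def suricata_rule(endpoint: str, sid: int) -> str:
    """Alert on any established TCP session from the monitored network to the C2.

    The sid and msg are illustrative; pick a sid from your local range."""
    ip, port = parse_c2(endpoint)
    return (f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"RedLine stealer C2 connection {ip}:{port}"; '
            f'flow:to_server,established; classtype:trojan-activity; '
            f'sid:{sid}; rev:1;)')


if __name__ == "__main__":
    # Constructed input: an empty buffer, which of course matches nothing.
    print(match_iocs(hash_bytes(b"")))
    print(suricata_rule(C2, 9000001))
```

Blocking the IP alone is a weak control: RedLine operators rotate C2 hosts, so the rule is for retrospective hunting in flow logs and for alerting on hosts that were already infected, not as a standalone preventive measure.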

Targets

    • Target

      ad4227d7167e62d588b09e1f04043088d048c81364534491945fd54b0fb58ad7.exe

    • Size

      311KB

    • MD5

      06be538d980890259f83cc616d397bf4

    • SHA1

      083875c97333f278823d3c938d743347c2243357

    • SHA256

      ad4227d7167e62d588b09e1f04043088d048c81364534491945fd54b0fb58ad7

    • SHA512

      2086e009666a0eac8392c5c5433e7ededb3193d42bb2fa70e50d7318e32db23966453deadca3bf29ef6afb02bfc94019d2576abba30c10647a90e3de0ae0b25c

    • SSDEEP

      3072:v/niGY8XLzFt23TNvXTu56ytWbr1ipANfZQl0q9Uvzfb8eXUjL0B0TtNbVG5ZrkK:328XLptAR/TYmBiWJ3OUjuLbQZ4u6SP

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers commonly harvest the data browsers store on disk, including saved credentials, session cookies and form autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
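The installed-software check reads the per-application subkeys under the Uninstall registry key. The following added example (not part of the sandbox report or the malware) shows that data from the analyst's side: a parser for a `reg export` of the Uninstall key, so the same inventory can be produced from an offline image, plus a live walk of the same keys with winreg when running on Windows. The SAMPLE_REG text is constructed for illustration; the key paths are the standard 64-bit, WOW6432Node and per-user locations.

```python
"""What 'checks installed software' looks like from the analyst's side.

Added example, not part of the sandbox report. It (a) parses a `reg export`
of the Uninstall key so an offline image can be inventoried, and (b) on
Windows walks the live hive with winreg. SAMPLE_REG is constructed.
"""
import sys

UNINSTALL_KEYS = [
    ("HKEY_LOCAL_MACHINE", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("HKEY_LOCAL_MACHINE", r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("HKEY_CURRENT_USER", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
]
FIELDS = ("DisplayName", "DisplayVersion", "Publisher", "InstallLocation")

# Constructed `reg export` fragment (REG_SZ values are backslash-escaped in .reg files).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip]
"DisplayName"="7-Zip 22.01 (x64)"
"DisplayVersion"="22.01"
"Publisher"="Igor Pavlov"
"InstallLocation"="C:\\Program Files\\7-Zip\\"
"NoModify"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-1033-1033-7760-BC15014EA700}]
"DisplayName"="Adobe Acrobat Reader"
"Publisher"="Adobe Systems Incorporated"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB5022834]
"ParentKeyName"="OperatingSystem"
'''


def _unescape(value: str) -> str:
    """Undo .reg string escaping: a doubled backslash and a backslash-quote."""
    return value.replace('\\"', '"').replace("\\\\", "\\")


def parse_reg_export(text: str) -> list:
    """Return one dict per Uninstall subkey that carries a DisplayName.

    Only REG_SZ lines of the form "Name"="value" are read; dword/hex values
    are skipped. Subkeys without DisplayName (hotfix stubs and the like) are
    dropped, which mirrors what an installed-programs listing shows."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = {"key": line[1:-1]}          # new subkey starts here
            entries.append(current)
        elif current is not None and line.startswith('"') and '"="' in line:
            name, _, value = line[1:].partition('"="')
            if name in FIELDS and value.endswith('"'):
                current[name] = _unescape(value[:-1])
    return [e for e in entries if "DisplayName" in e]


def enumerate_live() -> list:
    """Walk the real Uninstall keys (Windows only); same dict shape as above."""
    if sys.platform != "win32":
        raise RuntimeError("live enumeration needs Windows; use parse_reg_export offline")
    import winreg
    hives = {"HKEY_LOCAL_MACHINE": winreg.HKEY_LOCAL_MACHINE,
             "HKEY_CURRENT_USER": winreg.HKEY_CURRENT_USER}
    found = []
    for hive_name, path in UNINSTALL_KEYS:
        try:
            root = winreg.OpenKey(hives[hive_name], path)
        except OSError:
            continue                     # key absent, e.g. no WOW6432Node on 32-bit
        with root:
            for i in range(winreg.QueryInfoKey(root)[0]):   # [0] = subkey count
                sub = winreg.EnumKey(root, i)
                entry = {"key": f"{hive_name}\\{path}\\{sub}"}
                with winreg.OpenKey(root, sub) as k:
                    for field in FIELDS:
                        try:
                            entry[field] = winreg.QueryValueEx(k, field)[0]
                        except OSError:
                            pass         # value not set for this application
                if "DisplayName" in entry:
                    found.append(entry)
    return found


if __name__ == "__main__":
    for e in parse_reg_export(SAMPLE_REG):
        print(e["DisplayName"], e.get("DisplayVersion", "?"), e.get("Publisher", "?"))
```

On the detection side, a single process opening a handful of these subkeys is normal; what stands out is an unsigned or freshly dropped binary reading every subkey under all three locations in quick succession, which is the pattern registry-access telemetry should be tuned to catch.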

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081), 2 signatures

  • Discovery

    Query Registry (T1012), 1 signature

  • Collection

    Data from Local System (T1005), 2 signatures
