redline | b5ad8bafe43ebc3430571c9d3000d98c452d1d1ee42c5dd4b84be615ed25777f | Triage

Submit
Reports

Overview

overview

Static

static

1

415ed284c9...25.exe

windows7-x64

415ed284c9...25.exe

windows10-2004-x64

Sharing

General

Target

5a86037c2b791d93962bb03022768baa.bin
Size

271KB
Sample

230326-bq8y8aha51
MD5

caa07040baabf910d1e9abc5ba16370b
SHA1

f9b91e529cba70897e1f75fc77e43f7d5fa0318e
SHA256

b5ad8bafe43ebc3430571c9d3000d98c452d1d1ee42c5dd4b84be615ed25777f
SHA512

c6d3f2f8a21e1efecd4812ea16cbb8c32caece94fecb1fc90e173ef2011cdd811978ee407421b7c49cf335e7b8dbeb59757d78da43488cd22965e3d583eb5890
SSDEEP

6144:ckDALR0YctGbOaBy5pA4mmRGKyTdDXLCX:c4ANBcQbOakA/mRGnzk

Score

10^/10

redline dozk discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

415ed284c9515925e60e26958546b0fe84b5f1e9f2647b4d4355af5425cea425.exe

Resource

win7-20230220-en

redline dozk discovery infostealer spyware stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

415ed284c9515925e60e26958546b0fe84b5f1e9f2647b4d4355af5425cea425.exe

Resource

win10v2004-20230220-en

redline dozk discovery infostealer spyware stealer

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

redline

Botnet

dozk

C2

91.215.85.15:25916

Attributes

auth_value
9f1dc4ff242fb8b53742acae0ef96143

Targets

- Target
  
  415ed284c9515925e60e26958546b0fe84b5f1e9f2647b4d4355af5425cea425.exe
- Size
  
  383KB
- MD5
  
  5a86037c2b791d93962bb03022768baa
- SHA1
  
  fb94a4441007f82336fdb9094e3e1550435073ea
- SHA256
  
  415ed284c9515925e60e26958546b0fe84b5f1e9f2647b4d4355af5425cea425
- SHA512
  
  6c2924de7adcec65fc17f41817eb2535b4a88882c724bb8f231a23fcd7a950bc5b4a612df87bbd0201ea3457e59dcfc5706203e9346a165571e76876d927b5dc
- SSDEEP
  
  6144:rKllzYoLhPvyBU0wu5qRLXMbhaSUfP8vZ2228n3xR2OdWva:ullzY0hnkU0L5qZELUsvE22qRzN
Score

10^/10

redline dozk discovery infostealer spyware stealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

redlinedozkdiscoveryinfostealerspywarestealer

behavioral2

redlinedozkdiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy